CVE-2022-48703 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-48703

CVE-2022-48703

May 03, 2024

In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10). Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault. [ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010 This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or NULL value in data_vault.

Additional Notes

The description of this vulnerability differs from MITRE.

Related Resources (6)

https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

https://git.kernel.org/stable/c/39d5137085a6c37ace4680ee4d24020a4a03e7dc

https://nvd.nist.gov/vuln/detail/CVE-2022-48703

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48703.json

https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2

Do you need more information?

CVSS v4

Base Score:

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

EPSS

Base Score:

0.01

Products

Solutions

Resources

Company

Compare

Developer Tools