Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-48703— thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR

EPSS 0.01% · P1
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-48703

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10). Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault. [ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010 This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or NULL value in data_vault.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于存在空指针取消引用漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 0ba13c763aacb27ab32bde5d559bf40e88465921 ~ 39d5137085a6c37ace4680ee4d24020a4a03e7dc -
LinuxLinux 5.8 -

II. Public POCs for CVE-2022-48703

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-48703

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-05-03 · 25 CVEs total

CVE-2022-48693soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
CVE-2022-48705wifi: mt76: mt7921e: fix crash in chip reset fail
CVE-2022-48704drm/radeon: add a force flush to delay work when radeon
CVE-2022-48695scsi: mpt3sas: Fix use-after-free warning
CVE-2022-48690ice: Fix DMA mappings leak
CVE-2022-48702ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
CVE-2022-48701ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
CVE-2022-48699sched/debug: fix dentry leak in update_sched_domain_debugfs
CVE-2022-48698drm/amd/display: fix memory leak when using debugfs_lookup()
CVE-2022-48697nvmet: fix a use-after-free
CVE-2022-48696regmap: spi: Reserve space for register address/padding
CVE-2022-48694RDMA/irdma: Fix drain SQ hang with no completion
CVE-2022-48670peci: cpu: Fix use-after-free in adev_release()
CVE-2022-48692RDMA/srp: Set scmnd->result only when scmnd is not NULL
CVE-2022-48691netfilter: nf_tables: clean up hook list when offload flags check fails
CVE-2022-48689tcp: TX zerocopy should not sense pfmemalloc status
CVE-2022-48688i40e: Fix kernel crash during module removal
CVE-2022-48687ipv6: sr: fix out-of-bounds read when setting HMAC data.
CVE-2022-48686nvme-tcp: fix UAF when detecting digest errors
CVE-2022-48675IB/core: Fix a nested dead lock as part of ODP flow

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2022-48703

No comments yet

Leave a comment