CVE-2022-48703

Published: May 3, 2024

Modified: Jun 1, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10). Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault. [ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010 This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or NULL value in data_vault.

Vendor	Product	Versions
Linux	Linux	affected `0ba13c763aacb27ab32bde5d559bf40e88465921 - < 722588f17fd3d3a127e50718ec2caf22bd7e9daa` affected `0ba13c763aacb27ab32bde5d559bf40e88465921 - < 39d5137085a6c37ace4680ee4d24020a4a03e7dc` affected `0ba13c763aacb27ab32bde5d559bf40e88465921 - < dae42083b045a4ddf71c57cf350cb2412b5915c2` affected `0ba13c763aacb27ab32bde5d559bf40e88465921 - < 7931e28098a4c1a2a6802510b0cbe57546d2049d`
Linux	Linux	affected `5.8` unaffected `0 - < 5.8` unaffected `5.10.258 - <= 5.10.` unaffected `5.15.189 - <= 5.15.` unaffected `5.19.9 - <= 5.19.*` +1 more versions

References

https://git.kernel.org/stable/c/722588f17fd3d3a127e50718ec2caf22bd7e9daa

https://git.kernel.org/stable/c/39d5137085a6c37ace4680ee4d24020a4a03e7dc

https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2

https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-48703

Description

Affected Products

References