CVE-2022-48908
Published: Aug 22, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() During driver initialization, the pointer of card info, i.e. the variable 'ci' is required. However, the definition of 'com20020pci_id_table' reveals that this field is empty for some devices, which will cause null pointer dereference when initializing these devices. The following log reveals it: [ 3.973806] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 3.973819] RIP: 0010:com20020pci_probe+0x18d/0x13e0 [com20020_pci] [ 3.975181] Call Trace: [ 3.976208] local_pci_probe+0x13f/0x210 [ 3.977248] pci_device_probe+0x34c/0x6d0 [ 3.977255] ? pci_uevent+0x470/0x470 [ 3.978265] really_probe+0x24c/0x8d0 [ 3.978273] __driver_probe_device+0x1b3/0x280 [ 3.979288] driver_probe_device+0x50/0x370 Fix this by checking whether the 'ci' is a null pointer first.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 8c14f9c70327a6fb75534c4c61d7ea9c82ccf78f - < 8e3bc7c5bbf87e86e9cd652ca2a9166942d86206affected 8c14f9c70327a6fb75534c4c61d7ea9c82ccf78f - < b1ee6b9340a38bdb9e5c90f0eac5b22b122c3049affected 8c14f9c70327a6fb75534c4c61d7ea9c82ccf78f - < b838add93e1dd98210482dc433768daaf752bdefaffected 8c14f9c70327a6fb75534c4c61d7ea9c82ccf78f - < e50c589678e50f8d574612e473ca60ef45190896affected 8c14f9c70327a6fb75534c4c61d7ea9c82ccf78f - < 5f394102ee27dbf051a4e283390cd8d1759dacea+3 more versions |
Linux | Linux | affected 3.18unaffected 0 - < 3.18unaffected 4.9.305 - <= 4.9.*unaffected 4.14.270 - <= 4.14.*unaffected 4.19.233 - <= 4.19.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now