FKIE_CVE-2022-48879

Vulnerability from fkie_nvd - Published: 2024-08-21 07:15 - Updated: 2024-08-29 02:39
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in the unlikely event that EFI initialisation fails to avoid dereferencing a NULL pointer.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4ca71bc0e1995d15486cd7b60845602a28399cb5Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/585a0b2b3ae7903c6abee3087d09c69e955a7794Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5fcf75a8a4c3e7ee9122d143684083c9faf20452Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/703c13fe3c9af557d312f5895ed6a5fda2711104Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/adc96d30f6503d30dc68670c013716f1d9fcc747Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e2ea55564229e4bea1474af15b111b3a3043b76fPatch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "843ACA9C-4BFF-4EF1-A27D-0641A19FAF65",
              "versionEndExcluding": "4.19.270",
              "versionStartIncluding": "4.19.142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7133953F-C21D-45F4-951D-5FFE67BAF7C1",
              "versionEndExcluding": "5.4.229",
              "versionStartIncluding": "5.4.61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D876B2-AC1A-44CD-BD2B-0E1D3EBBB963",
              "versionEndExcluding": "5.10.164",
              "versionStartIncluding": "5.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E706841F-E788-4316-9B05-DA8EB60CE6B3",
              "versionEndExcluding": "5.15.89",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9275C81F-AE96-4CDB-AD20-7DBD36E5D909",
              "versionEndExcluding": "6.1.7",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix NULL-deref in init error path\n\nIn cases where runtime services are not supported or have been disabled,\nthe runtime services workqueue will never have been allocated.\n\nDo not try to destroy the workqueue unconditionally in the unlikely\nevent that EFI initialisation fails to avoid dereferencing a NULL\npointer."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efi: corrige NULL-deref en la ruta de error de inicio En los casos en los que los servicios de ejecuci\u00f3n no son compatibles o se han deshabilitado, la cola de trabajo de los servicios de ejecuci\u00f3n nunca se habr\u00e1 asignado. No intente destruir la cola de trabajo incondicionalmente en el improbable caso de que la inicializaci\u00f3n de EFI no pueda evitar la desreferenciaci\u00f3n de un puntero NULL."
    }
  ],
  "id": "CVE-2022-48879",
  "lastModified": "2024-08-29T02:39:34.370",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-21T07:15:04.690",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4ca71bc0e1995d15486cd7b60845602a28399cb5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/585a0b2b3ae7903c6abee3087d09c69e955a7794"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5fcf75a8a4c3e7ee9122d143684083c9faf20452"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/703c13fe3c9af557d312f5895ed6a5fda2711104"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/adc96d30f6503d30dc68670c013716f1d9fcc747"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e2ea55564229e4bea1474af15b111b3a3043b76f"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.