NULL pointer dereference in Linux kernel pinctrl driver



Published: 2024-06-05
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-48708
CWE-ID: CWE-476
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU91227

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48708

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pcs_set_mux() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/1177bdafe87cbe543a2dc48a9bbac265aa5864db
http://git.kernel.org/stable/c/e671e63587c92b3fd767cf82e73129f6d5feeb33
http://git.kernel.org/stable/c/2b763f7de108cb1a5ad5ed08e617d677341947cb
http://git.kernel.org/stable/c/6e2a0521e4e84a2698f2da3950fb5c5496a4d208
http://git.kernel.org/stable/c/71668706fbe7d20e6f172fa3287fa8aac1b56c26
http://git.kernel.org/stable/c/bcc487001a15f71f103d102cba4ac8145d7a68f2
http://git.kernel.org/stable/c/d2d73e6d4822140445ad4a7b1c6091e0f5fe703b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


