SB2024082179 - NULL pointer dereference in Linux kernel firmware efi driver
Published: August 21, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024082179
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2022-48879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efisubsys_init() and generic_ops_unregister() functions in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/585a0b2b3ae7903c6abee3087d09c69e955a7794
- https://git.kernel.org/stable/c/5fcf75a8a4c3e7ee9122d143684083c9faf20452
- https://git.kernel.org/stable/c/4ca71bc0e1995d15486cd7b60845602a28399cb5
- https://git.kernel.org/stable/c/e2ea55564229e4bea1474af15b111b3a3043b76f
- https://git.kernel.org/stable/c/adc96d30f6503d30dc68670c013716f1d9fcc747
- https://git.kernel.org/stable/c/703c13fe3c9af557d312f5895ed6a5fda2711104
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.164
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.89
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.229
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2