SB2024082224 - NULL pointer dereference in Linux kernel net arcnet driver
Published: August 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024082224
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2022-48908)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the com20020pci_probe() function in drivers/net/arcnet/com20020-pci.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/8e3bc7c5bbf87e86e9cd652ca2a9166942d86206
- https://git.kernel.org/stable/c/b1ee6b9340a38bdb9e5c90f0eac5b22b122c3049
- https://git.kernel.org/stable/c/b838add93e1dd98210482dc433768daaf752bdef
- https://git.kernel.org/stable/c/e50c589678e50f8d574612e473ca60ef45190896
- https://git.kernel.org/stable/c/5f394102ee27dbf051a4e283390cd8d1759dacea
- https://git.kernel.org/stable/c/ea372aab54903310756217d81610901a8e66cb7d
- https://git.kernel.org/stable/c/ca0bdff4249a644f2ca7a49d410d95b8dacf1f72
- https://git.kernel.org/stable/c/bd6f1fd5d33dfe5d1b4f2502d3694a7cc13f166d
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.270
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.305
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.104
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.183