NULL pointer dereference in Linux kernel net arcnet driver



Published: 2024-08-22
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-48908
CWE-ID CWE-476
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU96420

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48908

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the com20020pci_probe() function in drivers/net/arcnet/com20020-pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/8e3bc7c5bbf87e86e9cd652ca2a9166942d86206
http://git.kernel.org/stable/c/b1ee6b9340a38bdb9e5c90f0eac5b22b122c3049
http://git.kernel.org/stable/c/b838add93e1dd98210482dc433768daaf752bdef
http://git.kernel.org/stable/c/e50c589678e50f8d574612e473ca60ef45190896
http://git.kernel.org/stable/c/5f394102ee27dbf051a4e283390cd8d1759dacea
http://git.kernel.org/stable/c/ea372aab54903310756217d81610901a8e66cb7d
http://git.kernel.org/stable/c/ca0bdff4249a644f2ca7a49d410d95b8dacf1f72
http://git.kernel.org/stable/c/bd6f1fd5d33dfe5d1b4f2502d3694a7cc13f166d


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###