#VU91227 NULL pointer dereference in Linux kernel - CVE-2022-48708

Vulnerability identifier: #VU91227

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48708

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pcs_set_mux() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/1177bdafe87cbe543a2dc48a9bbac265aa5864db
https://git.kernel.org/stable/c/e671e63587c92b3fd767cf82e73129f6d5feeb33
https://git.kernel.org/stable/c/2b763f7de108cb1a5ad5ed08e617d677341947cb
https://git.kernel.org/stable/c/6e2a0521e4e84a2698f2da3950fb5c5496a4d208
https://git.kernel.org/stable/c/71668706fbe7d20e6f172fa3287fa8aac1b56c26
https://git.kernel.org/stable/c/bcc487001a15f71f103d102cba4ac8145d7a68f2
https://git.kernel.org/stable/c/d2d73e6d4822140445ad4a7b1c6091e0f5fe703b

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.