NULL pointer dereference in Linux kernel

#VU91227 NULL pointer dereference in Linux kernel

Published: 2024-06-05

Vulnerability identifier: #VU91227

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48708

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pcs_set_mux() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/1177bdafe87cbe543a2dc48a9bbac265aa5864db
http://git.kernel.org/stable/c/e671e63587c92b3fd767cf82e73129f6d5feeb33
http://git.kernel.org/stable/c/2b763f7de108cb1a5ad5ed08e617d677341947cb
http://git.kernel.org/stable/c/6e2a0521e4e84a2698f2da3950fb5c5496a4d208
http://git.kernel.org/stable/c/71668706fbe7d20e6f172fa3287fa8aac1b56c26
http://git.kernel.org/stable/c/bcc487001a15f71f103d102cba4ac8145d7a68f2
http://git.kernel.org/stable/c/d2d73e6d4822140445ad4a7b1c6091e0f5fe703b

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

openEuler 20.03 LTS SP4 update for kernel

NULL pointer dereference in Linux kernel pinctrl driver