#VU92908 NULL pointer dereference in Linux kernel - CVE-2022-48728
Published: June 20, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU92908
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-48728
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hfi1_ipoib_netdev_dtor() and hfi1_ipoib_setup_rn() functions in drivers/infiniband/hw/hfi1/ipoib_main.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/4a9bd1e6780fc59f81466ec3489d5ad535a37190
- https://git.kernel.org/stable/c/a3dd4d2682f2a796121609e5f3bbeb1243198c53
- https://git.kernel.org/stable/c/1899c3cad265c4583658aed5293d02e8af84276b
- https://git.kernel.org/stable/c/5f8f55b92edd621f056bdf09e572092849fabd83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.99
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17