#VU96420 NULL pointer dereference in Linux kernel


Published: 2024-08-22

Vulnerability identifier: #VU96420

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48908

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the com20020pci_probe() function in drivers/net/arcnet/com20020-pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/8e3bc7c5bbf87e86e9cd652ca2a9166942d86206
http://git.kernel.org/stable/c/b1ee6b9340a38bdb9e5c90f0eac5b22b122c3049
http://git.kernel.org/stable/c/b838add93e1dd98210482dc433768daaf752bdef
http://git.kernel.org/stable/c/e50c589678e50f8d574612e473ca60ef45190896
http://git.kernel.org/stable/c/5f394102ee27dbf051a4e283390cd8d1759dacea
http://git.kernel.org/stable/c/ea372aab54903310756217d81610901a8e66cb7d
http://git.kernel.org/stable/c/ca0bdff4249a644f2ca7a49d410d95b8dacf1f72
http://git.kernel.org/stable/c/bd6f1fd5d33dfe5d1b4f2502d3694a7cc13f166d

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 20.03 LTS SP4 update for kernel
NULL pointer dereference in Linux kernel net arcnet driver