CVE-2022-48663

Summary

In the Linux kernel, the following vulnerability has been resolved:

gpio: mockup: fix NULL pointer dereference when removing debugfs

We now remove the device's debugfs entries when unbinding the driver. This now causes a NULL-pointer dereference on module exit because the platform devices are unregistered after the global debugfs directory has been recursively removed. Fix it by unregistering the devices first.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3815e66c2183f3430490e450ba16779cf5214ec6 < bdea98b98f844bd8a983ca880893e509a8b4162faffected
LinuxLinux3a10e8edee2b45a654f1f7b05f747129ec84cf9d < 18352095a0d581f6aeb1e9fc9d68cc0152cd64b4affected
LinuxLinuxbc55c1677edbe86a1c66a35e800df47dff16ad61 < af0bfabf06c74c260265c30ba81a34e7dec0e881affected
LinuxLinux303e6da99429510b1e4edf833afe90ac8542e747 < b7df41a6f79dfb18ba2203f8c5f0e9c0b9b57f68affected
LinuxLinux5.10.144 < 5.10.146affected
LinuxLinux5.15.69 < 5.15.71affected
LinuxLinux5.19.10 < 5.19.12affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References