CVE-2022-48879

Summary

In the Linux kernel, the following vulnerability has been resolved:

efi: fix NULL-deref in init error path

In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated.

Do not try to destroy the workqueue unconditionally in the unlikely event that EFI initialisation fails to avoid dereferencing a NULL pointer.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2ff3c97b47521d6700cc6485c7935908dcd2c27c < 585a0b2b3ae7903c6abee3087d09c69e955a7794affected
LinuxLinux5167f194da6947e19a3e970485ee3ccb44f7958d < 5fcf75a8a4c3e7ee9122d143684083c9faf20452affected
LinuxLinux98086df8b70c06234a8f4290c46064e44dafa0ed < 4ca71bc0e1995d15486cd7b60845602a28399cb5affected
LinuxLinux98086df8b70c06234a8f4290c46064e44dafa0ed < e2ea55564229e4bea1474af15b111b3a3043b76faffected
LinuxLinux98086df8b70c06234a8f4290c46064e44dafa0ed < adc96d30f6503d30dc68670c013716f1d9fcc747affected
LinuxLinux98086df8b70c06234a8f4290c46064e44dafa0ed < 703c13fe3c9af557d312f5895ed6a5fda2711104affected
LinuxLinuxf591a42b8f9a9d20e01d0462f4f55d2176ac52ecaffected
LinuxLinuxe6584124b9823151ef586d10dedf565ade50cea6affected
LinuxLinux4.19.142 < 4.19.270affected
LinuxLinux5.4.61 < 5.4.229affected
LinuxLinux5.7.18 < 5.8affected
LinuxLinux5.8.4 < 5.9affected
LinuxLinux5.9affected
LinuxLinux0 < 5.9unaffected
LinuxLinux4.19.270 <= 4.19.*unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.164 <= 5.10.*unaffected
LinuxLinux5.15.89 <= 5.15.*unaffected
LinuxLinux6.1.7 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References