CVE-2022-48636

s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup
pointer being NULL. The pavgroup pointer is checked on the entrance of the function but
without the lcu->lock being held. Therefore there is a race window
between dasd_alias_get_start_dev() and _lcu_update() which sets
pavgroup to NULL with the lcu->lock held. Fix by checking the pavgroup pointer with lcu->lock held.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: s390/dasd: corrige Ups en dasd_alias_get_start_dev debido a la falta de pavgroup. Corrige Ups en la función dasd_alias_get_start_dev() causada porque el puntero pavgroup es NULL. El puntero pavgroup se verifica en la entrada de la función pero sin que se mantenga presionado el bloqueo lcu->. Por lo tanto, existe una ventana de ejecución entre dasd_alias_get_start_dev() y _lcu_update() que establece pavgroup en NULL con el bloqueo lcu->retenido. Para solucionarlo, compruebe el puntero de pavgroup con lcu->lock retenido.

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL. The pavgroup pointer is checked on the entrance of the function but without the lcu->lock being held. Therefore there is a race window between dasd_alias_get_start_dev() and _lcu_update() which sets pavgroup to NULL with the lcu->lock held. Fix by checking the pavgroup pointer with lcu->lock held.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-04-28 CVE Published
2024-12-19 CVE Updated
2025-03-22 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/8e09f21574ea3028d5629e5de759e0b196c690c5	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d86b4267834e6d4af62e3073e48166e349ab1b70	2022-09-28
https://git.kernel.org/stable/c/49f401a98b318761ca2e15d4c7869a20043fbed4	2022-09-28
https://git.kernel.org/stable/c/aaba5ff2742043705bc4c02fd0b2b246e2e16da1	2022-09-28
https://git.kernel.org/stable/c/2e473351400e3dd66f0b71eddcef82ee45a584c1	2022-09-28
https://git.kernel.org/stable/c/f5fcc9d6d71d9ff7fdbdd4b89074e6e24fffc20b	2022-09-28
https://git.kernel.org/stable/c/d3a67c21b18f33c79382084af556557c442f12a6	2022-09-28
https://git.kernel.org/stable/c/650a2e79d176db753654d3dde88e53a2033036ac	2022-09-28
https://git.kernel.org/stable/c/db7ba07108a48c0f95b74fabbfd5d63e924f992d	2022-09-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.25 < 4.9.330 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.25 < 4.9.330"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.25 < 4.14.295 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.25 < 4.14.295"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.25 < 4.19.260 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.25 < 4.19.260"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.25 < 5.4.215 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.25 < 5.4.215"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.25 < 5.10.146 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.25 < 5.10.146"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.25 < 5.15.71 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.25 < 5.15.71"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.25 < 5.19.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.25 < 5.19.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.25 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.25 < 6.0"		en		Affected