CVE-2022-48772

media: lgdt3306a: Add a check against null-pointer-def

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

media: lgdt3306a: Add a check against null-pointer-def

The driver should check whether the client provides the platform_data.

The following log reveals it:

[ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40
[ 29.610730] Read of size 40 at addr 0000000000000000 by task bash/414
[ 29.612820] Call Trace:
[ 29.613030] <TASK>
[ 29.613201] dump_stack_lvl+0x56/0x6f
[ 29.613496] ? kmemdup+0x30/0x40
[ 29.613754] print_report.cold+0x494/0x6b7
[ 29.614082] ? kmemdup+0x30/0x40
[ 29.614340] kasan_report+0x8a/0x190
[ 29.614628] ? kmemdup+0x30/0x40
[ 29.614888] kasan_check_range+0x14d/0x1d0
[ 29.615213] memcpy+0x20/0x60
[ 29.615454] kmemdup+0x30/0x40
[ 29.615700] lgdt3306a_probe+0x52/0x310
[ 29.616339] i2c_device_probe+0x951/0xa90

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-20 CVE Reserved
2024-06-25 CVE Published
2024-09-04 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8915dcd29a82096acacf54364a8425363782aea0	2024-06-16
https://git.kernel.org/stable/c/b479fd59a1f4a342b69fce34f222d93bf791dca4	2024-06-16
https://git.kernel.org/stable/c/526238d32c3acc3d597fd8c9a34652bfe9086cea	2024-06-16
https://git.kernel.org/stable/c/d082757b8359201c3864323cea4b91ea30a1e676	2024-06-16
https://git.kernel.org/stable/c/7d12e918f2994c883f41f22552a61b9310fa1e87	2024-06-16
https://git.kernel.org/stable/c/8e1e00718d0d9dd83337300572561e30b9c0d115	2024-06-16
https://git.kernel.org/stable/c/c1115ddbda9c930fba0fdd062e7a8873ebaf898d	2024-04-29

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.278 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.278"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.219 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.219"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.161 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.161"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.94 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.94"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.34 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.34"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.9.5 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.10 Search vendor "Linux" for product "Linux Kernel" and version " < 6.10"		en		Affected