CVE-2022-48879

efi: fix NULL-deref in init error path

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

efi: fix NULL-deref in init error path

In cases where runtime services are not supported or have been disabled,
the runtime services workqueue will never have been allocated.

Do not try to destroy the workqueue unconditionally in the unlikely
event that EFI initialisation fails to avoid dereferencing a NULL
pointer.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-16 CVE Reserved
2024-08-21 CVE Published
2024-08-29 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/2ff3c97b47521d6700cc6485c7935908dcd2c27c	Vuln. Introduced
https://git.kernel.org/stable/c/5167f194da6947e19a3e970485ee3ccb44f7958d	Vuln. Introduced
https://git.kernel.org/stable/c/98086df8b70c06234a8f4290c46064e44dafa0ed	Vuln. Introduced
https://git.kernel.org/stable/c/f591a42b8f9a9d20e01d0462f4f55d2176ac52ec	Vuln. Introduced
https://git.kernel.org/stable/c/e6584124b9823151ef586d10dedf565ade50cea6	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/585a0b2b3ae7903c6abee3087d09c69e955a7794	2023-01-18
https://git.kernel.org/stable/c/5fcf75a8a4c3e7ee9122d143684083c9faf20452	2023-01-18
https://git.kernel.org/stable/c/4ca71bc0e1995d15486cd7b60845602a28399cb5	2023-01-18
https://git.kernel.org/stable/c/e2ea55564229e4bea1474af15b111b3a3043b76f	2023-01-18
https://git.kernel.org/stable/c/adc96d30f6503d30dc68670c013716f1d9fcc747	2023-01-18
https://git.kernel.org/stable/c/703c13fe3c9af557d312f5895ed6a5fda2711104	2023-01-03

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.142 < 4.19.270 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.142 < 4.19.270"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.61 < 5.4.229 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.61 < 5.4.229"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.10.164 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.10.164"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.15.89 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.15.89"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 6.1.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 6.1.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 6.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.7.18 Search vendor "Linux" for product "Linux Kernel" and version "5.7.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.8.4 Search vendor "Linux" for product "Linux Kernel" and version "5.8.4"		en		Affected