{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48749", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-20T11:09:39.055Z", "datePublished": "2024-06-20T11:13:31.274Z", "dateUpdated": "2025-05-04T08:22:18.647Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:22:18.647Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc\n\nThe function performs a check on the \"ctx\" input parameter, however, it\nis used before the check.\n\nInitialize the \"base\" variable after the sanity check to avoid a\npossible NULL pointer dereference.\n\nAddresses-Coverity-ID: 1493866 (\"Null pointer dereference\")"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c"], "versions": [{"version": "4259ff7ae509ed880b3a7bb685972c3a3bf4b74b", "lessThan": "93a6e920d8ccb4df846c03b6e72f7e08843d294c", "status": "affected", "versionType": "git"}, {"version": "4259ff7ae509ed880b3a7bb685972c3a3bf4b74b", "lessThan": "8f069f6dde518dfebe86e848508c07e497bd9298", "status": "affected", "versionType": "git"}, {"version": "4259ff7ae509ed880b3a7bb685972c3a3bf4b74b", "lessThan": "1ebc18836d5df09061657f8c548e594cbb519476", "status": "affected", "versionType": "git"}, {"version": "4259ff7ae509ed880b3a7bb685972c3a3bf4b74b", "lessThan": "170b22234d5495f5e0844246e23f004639ee89ba", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.96", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.19", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.5", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.10.96"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.15.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.16.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.17"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c"}, {"url": "https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298"}, {"url": "https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476"}, {"url": "https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba"}], "title": "drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-20T13:33:31.394411Z", "id": "CVE-2022-48749", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T13:33:38.927Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.560Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.560Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48749", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-20T13:33:31.394411Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T13:33:36.214Z"}}], "cna": {"title": "drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4259ff7ae509ed880b3a7bb685972c3a3bf4b74b", "lessThan": "93a6e920d8ccb4df846c03b6e72f7e08843d294c", "versionType": "git"}, {"status": "affected", "version": "4259ff7ae509ed880b3a7bb685972c3a3bf4b74b", "lessThan": "8f069f6dde518dfebe86e848508c07e497bd9298", "versionType": "git"}, {"status": "affected", "version": "4259ff7ae509ed880b3a7bb685972c3a3bf4b74b", "lessThan": "1ebc18836d5df09061657f8c548e594cbb519476", "versionType": "git"}, {"status": "affected", "version": "4259ff7ae509ed880b3a7bb685972c3a3bf4b74b", "lessThan": "170b22234d5495f5e0844246e23f004639ee89ba", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.8"}, {"status": "unaffected", "version": "0", "lessThan": "5.8", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.96", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.19", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.5", "versionType": "semver", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c"}, {"url": "https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298"}, {"url": "https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476"}, {"url": "https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc\n\nThe function performs a check on the \"ctx\" input parameter, however, it\nis used before the check.\n\nInitialize the \"base\" variable after the sanity check to avoid a\npossible NULL pointer dereference.\n\nAddresses-Coverity-ID: 1493866 (\"Null pointer dereference\")"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.96", "versionStartIncluding": "5.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.19", "versionStartIncluding": "5.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.16.5", "versionStartIncluding": "5.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.17", "versionStartIncluding": "5.8"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:22:18.647Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48749", "state": "PUBLISHED", "dateUpdated": "2025-05-04T08:22:18.647Z", "dateReserved": "2024-06-20T11:09:39.055Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-20T11:13:31.274Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "109892DA-3CB1-4C6F-9865-8B8B5EC444F4", "versionEndExcluding": "5.10.96", "versionStartIncluding": "5.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF69DD7C-FD57-4914-ABB0-FAEF87B0289D", "versionEndExcluding": "5.15.19", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AD9E77E-B27E-450C-8FD8-B64EC5FB002D", "versionEndExcluding": "5.16.5", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc\n\nThe function performs a check on the \"ctx\" input parameter, however, it\nis used before the check.\n\nInitialize the \"base\" variable after the sanity check to avoid a\npossible NULL pointer dereference.\n\nAddresses-Coverity-ID: 1493866 (\"Null pointer dereference\")"}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: drm/msm/dpu: comprobaci\u00f3n de par\u00e1metro no v\u00e1lido en dpu_setup_dspp_pcc La funci\u00f3n realiza una comprobaci\u00f3n del par\u00e1metro de entrada \"ctx\", sin embargo, se utiliza antes de la comprobaci\u00f3n. Inicialice la variable \"base\" despu\u00e9s de la verificaci\u00f3n de cordura para evitar una posible desreferencia del puntero NULL. Direcciones-Coverity-ID: 1493866 (\"Desreferencia de puntero nulo\")"}], "id": "CVE-2022-48749", "lastModified": "2024-11-21T07:33:55.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-20T12:15:13.143", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc", "id": "2293310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293310"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc\nThe function performs a check on the \"ctx\" input parameter, however, it\nis used before the check.\nInitialize the \"base\" variable after the sanity check to avoid a\npossible NULL pointer dereference.\nAddresses-Coverity-ID: 1493866 (\"Null pointer dereference\")", "A NULL pointer dereference flaw was found in the Linux kernel. This issue is due to an invalid parameter check in dpu_setup_dspp_pcc."], "name": "CVE-2022-48749", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48749\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48749\nhttps://lore.kernel.org/linux-cve-announce/2024062005-CVE-2022-48749-0566@gregkh/T"], "statement": "No Red Hat Products are affected by this vulnerability.", "threat_severity": "Low"}

{}