CVE-2022-48749 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc The function performs a check on the "ctx" input parameter, however, it is used before the check. Initialize the "base" variable after the sanity check to avoid a possible NULL pointer dereference. Addresses-Coverity-ID: 1493866 ("Null pointer dereference")

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc1::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba
https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476
https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298
https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c
https://lore.kernel.org/linux-cve-announce/2024062005-CVE-2022-48749-0566@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-48749
https://www.cve.org/CVERecord?id=CVE-2022-48749

History

Wed, 18 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.17:rc1::::::
Vendors & Products		Linux Linux linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-20T11:13:31.274Z

Updated: 2024-08-03T15:25:01.560Z

Reserved: 2024-06-20T11:09:39.055Z

Link: CVE-2022-48749

Vulnrichment

Updated: 2024-08-03T15:25:01.560Z

NVD

Status : Analyzed

Published: 2024-06-20T12:15:13.143

Modified: 2024-09-18T16:05:04.623

Link: CVE-2022-48749

Redhat

Severity : Low

Publid Date: 2024-06-20T00:00:00Z

Links: CVE-2022-48749 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48749", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-20T11:09:39.055Z", "datePublished": "2024-06-20T11:13:31.274Z", "dateUpdated": "2024-08-03T15:25:01.560Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-06-20T11:14:41.441Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc\n\nThe function performs a check on the \"ctx\" input parameter, however, it\nis used before the check.\n\nInitialize the \"base\" variable after the sanity check to avoid a\npossible NULL pointer dereference.\n\nAddresses-Coverity-ID: 1493866 (\"Null pointer dereference\")"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c"], "versions": [{"version": "4259ff7ae509", "lessThan": "93a6e920d8cc", "status": "affected", "versionType": "git"}, {"version": "4259ff7ae509", "lessThan": "8f069f6dde51", "status": "affected", "versionType": "git"}, {"version": "4259ff7ae509", "lessThan": "1ebc18836d5d", "status": "affected", "versionType": "git"}, {"version": "4259ff7ae509", "lessThan": "170b22234d54", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.96", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.19", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16.5", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c"}, {"url": "https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298"}, {"url": "https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476"}, {"url": "https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba"}], "title": "drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc", "x_generator": {"engine": "bippy-7d53e8ef8be4"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-20T13:33:31.394411Z", "id": "CVE-2022-48749", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T13:33:38.927Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.560Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.560Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48749", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-20T13:33:31.394411Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T13:33:36.214Z"}}], "cna": {"title": "drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4259ff7ae509", "lessThan": "93a6e920d8cc", "versionType": "git"}, {"status": "affected", "version": "4259ff7ae509", "lessThan": "8f069f6dde51", "versionType": "git"}, {"status": "affected", "version": "4259ff7ae509", "lessThan": "1ebc18836d5d", "versionType": "git"}, {"status": "affected", "version": "4259ff7ae509", "lessThan": "170b22234d54", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.8"}, {"status": "unaffected", "version": "0", "lessThan": "5.8", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.96", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.19", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.5", "versionType": "custom", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c"}, {"url": "https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298"}, {"url": "https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476"}, {"url": "https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba"}], "x_generator": {"engine": "bippy-7d53e8ef8be4"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc\n\nThe function performs a check on the \"ctx\" input parameter, however, it\nis used before the check.\n\nInitialize the \"base\" variable after the sanity check to avoid a\npossible NULL pointer dereference.\n\nAddresses-Coverity-ID: 1493866 (\"Null pointer dereference\")"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-06-20T11:14:41.441Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48749", "state": "PUBLISHED", "dateUpdated": "2024-08-03T15:25:01.560Z", "dateReserved": "2024-06-20T11:09:39.055Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-20T11:13:31.274Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "109892DA-3CB1-4C6F-9865-8B8B5EC444F4", "versionEndExcluding": "5.10.96", "versionStartIncluding": "5.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF69DD7C-FD57-4914-ABB0-FAEF87B0289D", "versionEndExcluding": "5.15.19", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AD9E77E-B27E-450C-8FD8-B64EC5FB002D", "versionEndExcluding": "5.16.5", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc\n\nThe function performs a check on the \"ctx\" input parameter, however, it\nis used before the check.\n\nInitialize the \"base\" variable after the sanity check to avoid a\npossible NULL pointer dereference.\n\nAddresses-Coverity-ID: 1493866 (\"Null pointer dereference\")"}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: drm/msm/dpu: comprobaci\u00f3n de par\u00e1metro no v\u00e1lido en dpu_setup_dspp_pcc La funci\u00f3n realiza una comprobaci\u00f3n del par\u00e1metro de entrada \"ctx\", sin embargo, se utiliza antes de la comprobaci\u00f3n. Inicialice la variable \"base\" despu\u00e9s de la verificaci\u00f3n de cordura para evitar una posible desreferencia del puntero NULL. Direcciones-Coverity-ID: 1493866 (\"Desreferencia de puntero nulo\")"}], "id": "CVE-2022-48749", "lastModified": "2024-09-18T16:05:04.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-20T12:15:13.143", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc", "id": "2293310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293310"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc\nThe function performs a check on the \"ctx\" input parameter, however, it\nis used before the check.\nInitialize the \"base\" variable after the sanity check to avoid a\npossible NULL pointer dereference.\nAddresses-Coverity-ID: 1493866 (\"Null pointer dereference\")", "A NULL pointer dereference flaw was found in the Linux kernel. This issue is due to an invalid parameter check in dpu_setup_dspp_pcc."], "name": "CVE-2022-48749", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48749\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48749\nhttps://lore.kernel.org/linux-cve-announce/2024062005-CVE-2022-48749-0566@gregkh/T"], "statement": "No Red Hat Products are affected by this vulnerability.", "threat_severity": "Low", "upstream_fix": "kernel 5.10.96, kernel 5.15.19, kernel 5.16.5, kernel 5.17"}