CVE-2022-48798 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: s390/cio: verify the driver availability for path_event call If no driver is attached to a device or the driver does not provide the path_event function, an FCES path-event on this device could end up in a kernel-panic. Verify the driver availability before the path_event function call.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/a0619027f11590b2070624297530c34dc7f91bcd
https://git.kernel.org/stable/c/dd9cb842fa9d90653a9b48aba52f89c069f3bc50
https://git.kernel.org/stable/c/fe990b7bf6ac93f1d850d076b8f0e758268aa4ab
https://lore.kernel.org/linux-cve-announce/2024071643-CVE-2022-48798-2628@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-48798
https://www.cve.org/CVERecord?id=CVE-2022-48798

History

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 22:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-99
Metrics	threat_severity `Moderate`	threat_severity `Low`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-16T11:43:52.230Z

Updated: 2024-11-04T12:16:46.575Z

Reserved: 2024-07-16T11:38:08.895Z

Link: CVE-2022-48798

Vulnrichment

Updated: 2024-08-03T15:25:01.555Z

NVD

Status : Awaiting Analysis

Published: 2024-07-16T12:15:04.430

Modified: 2024-07-16T13:43:58.773

Link: CVE-2022-48798

Redhat

Severity : Low

Publid Date: 2024-07-16T00:00:00Z

Links: CVE-2022-48798 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48798", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.895Z", "datePublished": "2024-07-16T11:43:52.230Z", "dateUpdated": "2024-11-04T12:16:46.575Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:16:46.575Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cio: verify the driver availability for path_event call\n\nIf no driver is attached to a device or the driver does not provide the\npath_event function, an FCES path-event on this device could end up in a\nkernel-panic. Verify the driver availability before the path_event\nfunction call."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/s390/cio/device.c"], "versions": [{"version": "32ef938815c1", "lessThan": "fe990b7bf6ac", "status": "affected", "versionType": "git"}, {"version": "32ef938815c1", "lessThan": "a0619027f115", "status": "affected", "versionType": "git"}, {"version": "32ef938815c1", "lessThan": "dd9cb842fa9d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/s390/cio/device.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.24", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.10", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/fe990b7bf6ac93f1d850d076b8f0e758268aa4ab"}, {"url": "https://git.kernel.org/stable/c/a0619027f11590b2070624297530c34dc7f91bcd"}, {"url": "https://git.kernel.org/stable/c/dd9cb842fa9d90653a9b48aba52f89c069f3bc50"}], "title": "s390/cio: verify the driver availability for path_event call", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.555Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fe990b7bf6ac93f1d850d076b8f0e758268aa4ab", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a0619027f11590b2070624297530c34dc7f91bcd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dd9cb842fa9d90653a9b48aba52f89c069f3bc50", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48798", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:59:12.981222Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:14.715Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/fe990b7bf6ac93f1d850d076b8f0e758268aa4ab", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a0619027f11590b2070624297530c34dc7f91bcd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dd9cb842fa9d90653a9b48aba52f89c069f3bc50", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.555Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48798", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:59:12.981222Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:21.568Z"}}], "cna": {"title": "s390/cio: verify the driver availability for path_event call", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "32ef938815c1", "lessThan": "fe990b7bf6ac", "versionType": "git"}, {"status": "affected", "version": "32ef938815c1", "lessThan": "a0619027f115", "versionType": "git"}, {"status": "affected", "version": "32ef938815c1", "lessThan": "dd9cb842fa9d", "versionType": "git"}], "programFiles": ["drivers/s390/cio/device.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.11"}, {"status": "unaffected", "version": "0", "lessThan": "5.11", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.24", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.10", "versionType": "semver", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/s390/cio/device.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/fe990b7bf6ac93f1d850d076b8f0e758268aa4ab"}, {"url": "https://git.kernel.org/stable/c/a0619027f11590b2070624297530c34dc7f91bcd"}, {"url": "https://git.kernel.org/stable/c/dd9cb842fa9d90653a9b48aba52f89c069f3bc50"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cio: verify the driver availability for path_event call\n\nIf no driver is attached to a device or the driver does not provide the\npath_event function, an FCES path-event on this device could end up in a\nkernel-panic. Verify the driver availability before the path_event\nfunction call."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:16:46.575Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48798", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:16:46.575Z", "dateReserved": "2024-07-16T11:38:08.895Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-16T11:43:52.230Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: s390/cio: verify the driver availability for path_event call", "id": "2298134", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298134"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ns390/cio: verify the driver availability for path_event call\nIf no driver is attached to a device or the driver does not provide the\npath_event function, an FCES path-event on this device could end up in a\nkernel-panic. Verify the driver availability before the path_event\nfunction call."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48798", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48798\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48798\nhttps://lore.kernel.org/linux-cve-announce/2024071643-CVE-2022-48798-2628@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.15.24, kernel 5.16.10, kernel 5.17"}