{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48824", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.902Z", "datePublished": "2024-07-16T11:44:09.970Z", "dateUpdated": "2024-09-11T17:34:11.794Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-16T11:44:09.970Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: myrs: Fix crash in error case\n\nIn myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fails\nwith non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and\ncrash the kernel.\n\n[ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A\n[ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller\n[ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 1.110774] Call Trace:\n[ 1.110950] myrs_cleanup+0xe4/0x150 [myrs]\n[ 1.111135] myrs_probe.cold+0x91/0x56a [myrs]\n[ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs]\n[ 1.111500] local_pci_probe+0x48/0x90"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/myrs.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "5c5ceea00c8c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "0e42c4a3d732", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "6207f35c213f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1d6cd26605b4", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "4db09593af0b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/myrs.c"], "versions": [{"version": "5.4.180", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.101", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.24", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16.10", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/5c5ceea00c8c9df150708e66cb9f2891192c1162"}, {"url": "https://git.kernel.org/stable/c/0e42c4a3d732517edc3766dd45a14e60d29dd929"}, {"url": "https://git.kernel.org/stable/c/6207f35c213f6cb2fc3f13b5e77f08c710e1de19"}, {"url": "https://git.kernel.org/stable/c/1d6cd26605b4d662063a83c15c776b5299a1cb23"}, {"url": "https://git.kernel.org/stable/c/4db09593af0b0b4d7d4805ebb3273df51d7cc30d"}], "title": "scsi: myrs: Fix crash in error case", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.570Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/5c5ceea00c8c9df150708e66cb9f2891192c1162", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0e42c4a3d732517edc3766dd45a14e60d29dd929", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6207f35c213f6cb2fc3f13b5e77f08c710e1de19", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1d6cd26605b4d662063a83c15c776b5299a1cb23", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4db09593af0b0b4d7d4805ebb3273df51d7cc30d", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48824", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:57:50.039278Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:11.794Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48824", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.902Z", "datePublished": "2024-07-16T11:44:09.970Z", "dateUpdated": "2024-08-03T15:25:01.570Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-16T11:44:09.970Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: myrs: Fix crash in error case\n\nIn myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fails\nwith non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and\ncrash the kernel.\n\n[ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A\n[ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller\n[ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 1.110774] Call Trace:\n[ 1.110950] myrs_cleanup+0xe4/0x150 [myrs]\n[ 1.111135] myrs_probe.cold+0x91/0x56a [myrs]\n[ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs]\n[ 1.111500] local_pci_probe+0x48/0x90"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/myrs.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "5c5ceea00c8c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "0e42c4a3d732", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "6207f35c213f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "1d6cd26605b4", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "4db09593af0b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/myrs.c"], "versions": [{"version": "5.4.180", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.101", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.24", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16.10", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/5c5ceea00c8c9df150708e66cb9f2891192c1162"}, {"url": "https://git.kernel.org/stable/c/0e42c4a3d732517edc3766dd45a14e60d29dd929"}, {"url": "https://git.kernel.org/stable/c/6207f35c213f6cb2fc3f13b5e77f08c710e1de19"}, {"url": "https://git.kernel.org/stable/c/1d6cd26605b4d662063a83c15c776b5299a1cb23"}, {"url": "https://git.kernel.org/stable/c/4db09593af0b0b4d7d4805ebb3273df51d7cc30d"}], "title": "scsi: myrs: Fix crash in error case", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48824", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:57:50.039278Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:21.293Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48DC4419-4891-4731-891B-B538A96B7D58", "versionEndExcluding": "5.4.180", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A154171E-A3B9-42BE-9E97-C9B0EA43FC54", "versionEndExcluding": "5.10.101", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "866451F0-299E-416C-B0B8-AE6B33E62CCA", "versionEndExcluding": "5.15.24", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "679523BA-1392-404B-AB85-F5A5408B1ECC", "versionEndExcluding": "5.16.10", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: myrs: Fix crash in error case\n\nIn myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fails\nwith non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and\ncrash the kernel.\n\n[ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A\n[ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller\n[ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 1.110774] Call Trace:\n[ 1.110950] myrs_cleanup+0xe4/0x150 [myrs]\n[ 1.111135] myrs_probe.cold+0x91/0x56a [myrs]\n[ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs]\n[ 1.111500] local_pci_probe+0x48/0x90"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: myrs: soluciona el fallo en caso de error En myrs_detect(), cs->disable_intr es NULL cuando privdata->hw_init() falla con un valor distinto de cero. En este caso, myrs_cleanup(cs) llamar\u00e1 a un ptr NULL y bloquear\u00e1 el kernel. [1.105606] myrs 0000:00:03.0: Error de inicializaci\u00f3n desconocido 5A [1.105872] myrs 0000:00:03.0: Error al inicializar el controlador [1.106082] ERROR: desreferencia del puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000000 [1.110774] Seguimiento de llamadas : [1.110950] myrs_cleanup+0xe4/0x150 [myrs] [ 1.111135] myrs_probe.cold+0x91/0x56a [myrs] [ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [a\u00f1os] [ 1.111500] local_pci_probe+0x48/0x90"}], "id": "CVE-2022-48824", "lastModified": "2024-08-07T19:14:11.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-16T12:15:06.210", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0e42c4a3d732517edc3766dd45a14e60d29dd929"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1d6cd26605b4d662063a83c15c776b5299a1cb23"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4db09593af0b0b4d7d4805ebb3273df51d7cc30d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5c5ceea00c8c9df150708e66cb9f2891192c1162"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6207f35c213f6cb2fc3f13b5e77f08c710e1de19"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: scsi: myrs: Fix crash in error case", "id": "2298163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298163"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nscsi: myrs: Fix crash in error case\nIn myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fails\nwith non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and\ncrash the kernel.\n[ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A\n[ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller\n[ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 1.110774] Call Trace:\n[ 1.110950] myrs_cleanup+0xe4/0x150 [myrs]\n[ 1.111135] myrs_probe.cold+0x91/0x56a [myrs]\n[ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs]\n[ 1.111500] local_pci_probe+0x48/0x90"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48824", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48824\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48824\nhttps://lore.kernel.org/linux-cve-announce/2024071651-CVE-2022-48824-2c1e@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.4.180, kernel 5.10.101, kernel 5.15.24, kernel 5.16.10, kernel 5.17"}