{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-48843", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.910Z", "datePublished": "2024-07-16T12:25:13.159Z", "dateUpdated": "2025-12-23T13:20:47.401Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-23T13:20:47.401Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vrr: Set VRR capable prop only if it is attached to connector\n\nVRR capable property is not attached by default to the connector\nIt is attached only if VRR is supported.\nSo if the driver tries to call drm core set prop function without\nit being attached that causes NULL dereference."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/drm_connector.c"], "versions": [{"version": "9bc34b4d0f3cb368241684cc5e0445d435dded44", "lessThan": "62929726ef0ec72cbbe9440c5d125d4278b99894", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/drm_connector.c"], "versions": [{"version": "5.18", "status": "affected"}, {"version": "0", "lessThan": "5.18", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThan": "5.18", "status": "unaffected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "5.17"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/62929726ef0ec72cbbe9440c5d125d4278b99894"}], "title": "drm/vrr: Set VRR capable prop only if it is attached to connector", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.600Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/941e8bcd2b2ba95490738e33dfeca27168452779", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0ba557d330946c23559aaea2d51ea649fdeca98a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3534c5c005ef99a1804ed50b8a72cdae254cabb5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/85271e92ae4f13aa679acaa6cf76b3c36bcb7bab", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/62929726ef0ec72cbbe9440c5d125d4278b99894", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48843", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:56:47.784580Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:09.527Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/941e8bcd2b2ba95490738e33dfeca27168452779", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0ba557d330946c23559aaea2d51ea649fdeca98a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3534c5c005ef99a1804ed50b8a72cdae254cabb5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/85271e92ae4f13aa679acaa6cf76b3c36bcb7bab", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/62929726ef0ec72cbbe9440c5d125d4278b99894", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.600Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48843", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:56:47.784580Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:21.026Z"}}], "cna": {"title": "drm/vrr: Set VRR capable prop only if it is attached to connector", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "9bc34b4d0f3cb368241684cc5e0445d435dded44", "lessThan": "62929726ef0ec72cbbe9440c5d125d4278b99894", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/drm_connector.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.18"}, {"status": "unaffected", "version": "0", "lessThan": "5.18", "versionType": "semver"}, {"status": "unaffected", "version": "5.17", "lessThan": "5.18", "versionType": "semver"}], "programFiles": ["drivers/gpu/drm/drm_connector.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/62929726ef0ec72cbbe9440c5d125d4278b99894"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vrr: Set VRR capable prop only if it is attached to connector\n\nVRR capable property is not attached by default to the connector\nIt is attached only if VRR is supported.\nSo if the driver tries to call drm core set prop function without\nit being attached that causes NULL dereference."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.17", "versionStartIncluding": "5.18"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-23T13:20:47.401Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48843", "state": "PUBLISHED", "dateUpdated": "2025-12-23T13:20:47.401Z", "dateReserved": "2024-07-16T11:38:08.910Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-16T12:25:13.159Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "28FAD0CF-DA8C-481E-B208-7F00220C8838", "versionEndExcluding": "5.4.186", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "295C9D5D-520B-4D0F-A53A-7C514F05B3D2", "versionEndExcluding": "5.10.107", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1745C4F-8278-4F2E-9239-53C59154A03D", "versionEndExcluding": "5.15.30", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDF25425-C006-411E-B842-0F12075B8C13", "versionEndExcluding": "5.16.16", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vrr: Set VRR capable prop only if it is attached to connector\n\nVRR capable property is not attached by default to the connector\nIt is attached only if VRR is supported.\nSo if the driver tries to call drm core set prop function without\nit being attached that causes NULL dereference."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/vrr: establezca la propiedad con capacidad de VRR solo si est\u00e1 conectada al conector. La propiedad con capacidad de VRR no est\u00e1 conectada de manera predeterminada al conector. Se conecta solo si se admite VRR. Entonces, si el controlador intenta llamar a la funci\u00f3n drm core set prop sin que est\u00e9 adjunta, eso causa una desreferencia NULL."}], "id": "CVE-2022-48843", "lastModified": "2025-12-23T14:16:01.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-16T13:15:11.650", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/62929726ef0ec72cbbe9440c5d125d4278b99894"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0ba557d330946c23559aaea2d51ea649fdeca98a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3534c5c005ef99a1804ed50b8a72cdae254cabb5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/62929726ef0ec72cbbe9440c5d125d4278b99894"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/85271e92ae4f13aa679acaa6cf76b3c36bcb7bab"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/941e8bcd2b2ba95490738e33dfeca27168452779"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/vrr: Set VRR capable prop only if it is attached to connector", "id": "2298184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298184"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/vrr: Set VRR capable prop only if it is attached to connector\nVRR capable property is not attached by default to the connector\nIt is attached only if VRR is supported.\nSo if the driver tries to call drm core set prop function without\nit being attached that causes NULL dereference.", "A possible NULL pointer dereference flaw was found in drivers/gpu/drm/drm_connector.c in the Linux kernel. This issue may lead to instability."], "name": "CVE-2022-48843", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48843\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48843\nhttps://lore.kernel.org/linux-cve-announce/2024071623-CVE-2022-48843-b23b@gregkh/T"], "threat_severity": "Moderate"}

{}