{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48879", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.923Z", "datePublished": "2024-08-21T06:10:10.454Z", "dateUpdated": "2024-12-19T08:09:43.594Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:09:43.594Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix NULL-deref in init error path\n\nIn cases where runtime services are not supported or have been disabled,\nthe runtime services workqueue will never have been allocated.\n\nDo not try to destroy the workqueue unconditionally in the unlikely\nevent that EFI initialisation fails to avoid dereferencing a NULL\npointer."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/efi/efi.c"], "versions": [{"version": "2ff3c97b47521d6700cc6485c7935908dcd2c27c", "lessThan": "585a0b2b3ae7903c6abee3087d09c69e955a7794", "status": "affected", "versionType": "git"}, {"version": "5167f194da6947e19a3e970485ee3ccb44f7958d", "lessThan": "5fcf75a8a4c3e7ee9122d143684083c9faf20452", "status": "affected", "versionType": "git"}, {"version": "98086df8b70c06234a8f4290c46064e44dafa0ed", "lessThan": "4ca71bc0e1995d15486cd7b60845602a28399cb5", "status": "affected", "versionType": "git"}, {"version": "98086df8b70c06234a8f4290c46064e44dafa0ed", "lessThan": "e2ea55564229e4bea1474af15b111b3a3043b76f", "status": "affected", "versionType": "git"}, {"version": "98086df8b70c06234a8f4290c46064e44dafa0ed", "lessThan": "adc96d30f6503d30dc68670c013716f1d9fcc747", "status": "affected", "versionType": "git"}, {"version": "98086df8b70c06234a8f4290c46064e44dafa0ed", "lessThan": "703c13fe3c9af557d312f5895ed6a5fda2711104", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/efi/efi.c"], "versions": [{"version": "5.9", "status": "affected"}, {"version": "0", "lessThan": "5.9", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.270", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.229", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.164", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.89", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.7", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/585a0b2b3ae7903c6abee3087d09c69e955a7794"}, {"url": "https://git.kernel.org/stable/c/5fcf75a8a4c3e7ee9122d143684083c9faf20452"}, {"url": "https://git.kernel.org/stable/c/4ca71bc0e1995d15486cd7b60845602a28399cb5"}, {"url": "https://git.kernel.org/stable/c/e2ea55564229e4bea1474af15b111b3a3043b76f"}, {"url": "https://git.kernel.org/stable/c/adc96d30f6503d30dc68670c013716f1d9fcc747"}, {"url": "https://git.kernel.org/stable/c/703c13fe3c9af557d312f5895ed6a5fda2711104"}], "title": "efi: fix NULL-deref in init error path", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48879", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:05:03.005794Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:32:51.607Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48879", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:05:03.005794Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:11.763Z"}}], "cna": {"title": "efi: fix NULL-deref in init error path", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2ff3c97b47521d6700cc6485c7935908dcd2c27c", "lessThan": "585a0b2b3ae7903c6abee3087d09c69e955a7794", "versionType": "git"}, {"status": "affected", "version": "5167f194da6947e19a3e970485ee3ccb44f7958d", "lessThan": "5fcf75a8a4c3e7ee9122d143684083c9faf20452", "versionType": "git"}, {"status": "affected", "version": "98086df8b70c06234a8f4290c46064e44dafa0ed", "lessThan": "4ca71bc0e1995d15486cd7b60845602a28399cb5", "versionType": "git"}, {"status": "affected", "version": "98086df8b70c06234a8f4290c46064e44dafa0ed", "lessThan": "e2ea55564229e4bea1474af15b111b3a3043b76f", "versionType": "git"}, {"status": "affected", "version": "98086df8b70c06234a8f4290c46064e44dafa0ed", "lessThan": "adc96d30f6503d30dc68670c013716f1d9fcc747", "versionType": "git"}, {"status": "affected", "version": "98086df8b70c06234a8f4290c46064e44dafa0ed", "lessThan": "703c13fe3c9af557d312f5895ed6a5fda2711104", "versionType": "git"}], "programFiles": ["drivers/firmware/efi/efi.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.9"}, {"status": "unaffected", "version": "0", "lessThan": "5.9", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.270", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.229", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.164", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.89", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.7", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.2", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/firmware/efi/efi.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/585a0b2b3ae7903c6abee3087d09c69e955a7794"}, {"url": "https://git.kernel.org/stable/c/5fcf75a8a4c3e7ee9122d143684083c9faf20452"}, {"url": "https://git.kernel.org/stable/c/4ca71bc0e1995d15486cd7b60845602a28399cb5"}, {"url": "https://git.kernel.org/stable/c/e2ea55564229e4bea1474af15b111b3a3043b76f"}, {"url": "https://git.kernel.org/stable/c/adc96d30f6503d30dc68670c013716f1d9fcc747"}, {"url": "https://git.kernel.org/stable/c/703c13fe3c9af557d312f5895ed6a5fda2711104"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix NULL-deref in init error path\n\nIn cases where runtime services are not supported or have been disabled,\nthe runtime services workqueue will never have been allocated.\n\nDo not try to destroy the workqueue unconditionally in the unlikely\nevent that EFI initialisation fails to avoid dereferencing a NULL\npointer."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:09:43.594Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48879", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:09:43.594Z", "dateReserved": "2024-07-16T11:38:08.923Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-21T06:10:10.454Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "843ACA9C-4BFF-4EF1-A27D-0641A19FAF65", "versionEndExcluding": "4.19.270", "versionStartIncluding": "4.19.142", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7133953F-C21D-45F4-951D-5FFE67BAF7C1", "versionEndExcluding": "5.4.229", "versionStartIncluding": "5.4.61", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "55D876B2-AC1A-44CD-BD2B-0E1D3EBBB963", "versionEndExcluding": "5.10.164", "versionStartIncluding": "5.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E706841F-E788-4316-9B05-DA8EB60CE6B3", "versionEndExcluding": "5.15.89", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9275C81F-AE96-4CDB-AD20-7DBD36E5D909", "versionEndExcluding": "6.1.7", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: fix NULL-deref in init error path\n\nIn cases where runtime services are not supported or have been disabled,\nthe runtime services workqueue will never have been allocated.\n\nDo not try to destroy the workqueue unconditionally in the unlikely\nevent that EFI initialisation fails to avoid dereferencing a NULL\npointer."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efi: corrige NULL-deref en la ruta de error de inicio En los casos en los que los servicios de ejecuci\u00f3n no son compatibles o se han deshabilitado, la cola de trabajo de los servicios de ejecuci\u00f3n nunca se habr\u00e1 asignado. No intente destruir la cola de trabajo incondicionalmente en el improbable caso de que la inicializaci\u00f3n de EFI no pueda evitar la desreferenciaci\u00f3n de un puntero NULL."}], "id": "CVE-2022-48879", "lastModified": "2024-08-29T02:39:34.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-21T07:15:04.690", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4ca71bc0e1995d15486cd7b60845602a28399cb5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/585a0b2b3ae7903c6abee3087d09c69e955a7794"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5fcf75a8a4c3e7ee9122d143684083c9faf20452"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/703c13fe3c9af557d312f5895ed6a5fda2711104"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/adc96d30f6503d30dc68670c013716f1d9fcc747"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e2ea55564229e4bea1474af15b111b3a3043b76f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: efi: fix NULL-deref in init error path", "id": "2306400", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2306400"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nefi: fix NULL-deref in init error path\nIn cases where runtime services are not supported or have been disabled,\nthe runtime services workqueue will never have been allocated.\nDo not try to destroy the workqueue unconditionally in the unlikely\nevent that EFI initialisation fails to avoid dereferencing a NULL\npointer."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48879", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48879\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48879\nhttps://lore.kernel.org/linux-cve-announce/2024082107-CVE-2022-48879-63f6@gregkh/T"], "statement": "Following issue marked as moderate with \"not affected\" for Red Hat Enterprise Linux, as it is not vulnerable to this CVE. This is because the CVE does not impact the versions or configurations of the Linux kernel used in Red Hat's distributions. Additionally, some RHEL versions may be marked as \"will not fix\" due to the minimal impact of the issue, and no fix will be provided.", "threat_severity": "Moderate"}