CVE-2022-48972

In the Linux kernel, the following vulnerability has been resolved: mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() Kernel fault injection test reports null-ptr-deref as follows: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114 Call Trace: <TASK> raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87 call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944 unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982 unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879 register_netdevice+0x9a8/0xb90 net/core/dev.c:10083 ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659 ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229 mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316 ieee802154_if_add() allocates wpan_dev as netdev's private data, but not init the list in struct wpan_dev. cfg802154_netdev_notifier_call() manage the list when device register/unregister, and may lead to null-ptr-deref. Use INIT_LIST_HEAD() on it to initialize it correctly.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1831d4540406708e48239cf38fd9c3b7ea98e08f	Patch
https://git.kernel.org/stable/c/42c319635c0cf7eb36eccac6cda76532f47b61a3	Patch
https://git.kernel.org/stable/c/623918f40fa68e3bb21312a3fafb90f491bf5358	Patch
https://git.kernel.org/stable/c/7410f4d1221bb182510b7778ab6eefa8b9b7102d	Patch
https://git.kernel.org/stable/c/9980a3ea20de40c83817877106c909cb032692d2	Patch
https://git.kernel.org/stable/c/a110287ef4a423980309490df632e1c1e73b3dc9	Patch
https://git.kernel.org/stable/c/b3d72d3135d2ef68296c1ee174436efd65386f04	Patch
https://git.kernel.org/stable/c/f00c84fb1635c27ba24ec5df65d5bd7d7dc00008	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc8::::::

History

25 Oct 2024, 15:22

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/1831d4540406708e48239cf38fd9c3b7ea98e08f -~~	() https://git.kernel.org/stable/c/1831d4540406708e48239cf38fd9c3b7ea98e08f - Patch
References	~~() https://git.kernel.org/stable/c/42c319635c0cf7eb36eccac6cda76532f47b61a3 -~~	() https://git.kernel.org/stable/c/42c319635c0cf7eb36eccac6cda76532f47b61a3 - Patch
References	~~() https://git.kernel.org/stable/c/623918f40fa68e3bb21312a3fafb90f491bf5358 -~~	() https://git.kernel.org/stable/c/623918f40fa68e3bb21312a3fafb90f491bf5358 - Patch
References	~~() https://git.kernel.org/stable/c/7410f4d1221bb182510b7778ab6eefa8b9b7102d -~~	() https://git.kernel.org/stable/c/7410f4d1221bb182510b7778ab6eefa8b9b7102d - Patch
References	~~() https://git.kernel.org/stable/c/9980a3ea20de40c83817877106c909cb032692d2 -~~	() https://git.kernel.org/stable/c/9980a3ea20de40c83817877106c909cb032692d2 - Patch
References	~~() https://git.kernel.org/stable/c/a110287ef4a423980309490df632e1c1e73b3dc9 -~~	() https://git.kernel.org/stable/c/a110287ef4a423980309490df632e1c1e73b3dc9 - Patch
References	~~() https://git.kernel.org/stable/c/b3d72d3135d2ef68296c1ee174436efd65386f04 -~~	() https://git.kernel.org/stable/c/b3d72d3135d2ef68296c1ee174436efd65386f04 - Patch
References	~~() https://git.kernel.org/stable/c/f00c84fb1635c27ba24ec5df65d5bd7d7dc00008 -~~	() https://git.kernel.org/stable/c/f00c84fb1635c27ba24ec5df65d5bd7d7dc00008 - Patch
CWE		CWE-476
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:6.1:rc3:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.1:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.1:rc8::::::

23 Oct 2024, 15:13

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mac802154: se corrige el INIT_LIST_HEAD faltante en ieee802154_if_add(). La prueba de inyección de errores del kernel informa null-ptr-deref de la siguiente manera: ERROR: desreferencia de puntero NULL del kernel, dirección: 0000000000000008 RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114 Seguimiento de llamadas: raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87 call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944 unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982 unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879 register_netdevice+0x9a8/0xb90 net/core/dev.c:10083 ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659 ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229 mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316 ieee802154_if_add() asigna wpan_dev como datos privados de netdev, pero No inicializa la lista en la estructura wpan_dev. cfg802154_netdev_notifier_call() administra la lista cuando se registra o cancela el registro del dispositivo y puede generar una desreferencia de PTR nula. Use INIT_LIST_HEAD() para inicializarla correctamente.

21 Oct 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-21 20:15

Updated : 2024-10-25 15:22

NVD link : CVE-2022-48972

Mitre link : CVE-2022-48972

CVE.ORG link : CVE-2022-48972

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10