In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL. The pavgroup pointer is checked on the entrance of the function but without the lcu->lock being held. Therefore there is a race window between dasd_alias_get_start_dev() and _lcu_update() which sets pavgroup to NULL with the lcu->lock held. Fix by checking the pavgroup pointer with lcu->lock held.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc6:*:*:*:*:*:*

No data.

References
Link Providers
https://git.kernel.org/stable/c/2e473351400e3dd66f0b71eddcef82ee45a584c1 cve-icon cve-icon
https://git.kernel.org/stable/c/49f401a98b318761ca2e15d4c7869a20043fbed4 cve-icon cve-icon
https://git.kernel.org/stable/c/650a2e79d176db753654d3dde88e53a2033036ac cve-icon cve-icon
https://git.kernel.org/stable/c/aaba5ff2742043705bc4c02fd0b2b246e2e16da1 cve-icon cve-icon
https://git.kernel.org/stable/c/d3a67c21b18f33c79382084af556557c442f12a6 cve-icon cve-icon
https://git.kernel.org/stable/c/d86b4267834e6d4af62e3073e48166e349ab1b70 cve-icon cve-icon
https://git.kernel.org/stable/c/db7ba07108a48c0f95b74fabbfd5d63e924f992d cve-icon cve-icon
https://git.kernel.org/stable/c/f5fcc9d6d71d9ff7fdbdd4b89074e6e24fffc20b cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024042855-CVE-2022-48636-52a7@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-48636 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-48636 cve-icon
History

Fri, 21 Mar 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc6:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Tue, 29 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-28T12:59:28.858Z

Updated: 2024-12-19T08:04:46.772Z

Reserved: 2024-02-25T13:44:28.315Z

Link: CVE-2022-48636

cve-icon Vulnrichment

Updated: 2024-08-03T15:17:55.505Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-28T13:15:06.710

Modified: 2025-03-21T18:26:19.630

Link: CVE-2022-48636

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-04-28T00:00:00Z

Links: CVE-2022-48636 - Bugzilla