{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48703", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-03T14:55:07.146Z", "datePublished": "2024-05-03T15:14:07.390Z", "dateUpdated": "2024-12-19T08:05:53.727Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:05:53.727Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[ 71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/thermal/intel/int340x_thermal/int3400_thermal.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "dae42083b045a4ddf71c57cf350cb2412b5915c2", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7931e28098a4c1a2a6802510b0cbe57546d2049d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/thermal/intel/int340x_thermal/int3400_thermal.c"], "versions": [{"version": "5.19.9", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2"}, {"url": "https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d"}], "title": "thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:39:52.003733Z", "id": "CVE-2022-48703", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:44:38.505Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.767Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.767Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48703", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:39:52.003733Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:39:52.972Z"}}], "cna": {"title": "thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "dae42083b045a4ddf71c57cf350cb2412b5915c2", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7931e28098a4c1a2a6802510b0cbe57546d2049d", "versionType": "git"}], "programFiles": ["drivers/thermal/intel/int340x_thermal/int3400_thermal.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.19.9", "versionType": "semver", "lessThanOrEqual": "5.19.*"}, {"status": "unaffected", "version": "6.0", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/thermal/intel/int340x_thermal/int3400_thermal.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2"}, {"url": "https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[ 71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:05:53.727Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48703", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:05:53.727Z", "dateReserved": "2024-05-03T14:55:07.146Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-03T15:14:07.390Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A99BA199-0BFA-4BF0-A0C7-3EBC72400E1B", "versionEndExcluding": "5.19.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "5F0AD220-F6A9-4012-8636-155F1B841FAD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[ 71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal/int340x_thermal: maneja data_vault cuando el valor es ZERO_SIZE_PTR. En algunos casos, el GDDV devuelve un paquete con un buffer que tiene longitud cero. Provoca que kmemdup() devuelva ZERO_SIZE_PTR (0x10). Luego, data_vault_read() tuvo un problema de desreferencia de punto NULL al acceder al valor 0x10 en data_vault. [71.024560] ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 00000000000000010 Este parche usa ZERO_OR_NULL_PTR() para verificar ZERO_SIZE_PTR o el valor NULL en data_vault."}], "id": "CVE-2022-48703", "lastModified": "2025-03-05T15:11:27.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-03T16:15:08.650", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR", "id": "2278960", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278960"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\nIn some case, the GDDV returns a package with a buffer which has\nzero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n[ 71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault.", "A flaw was found in the Linux kernel in the `thermal/int340x_thermal` driver. This issue occurs when the Global Device Data Vault (GDDV) returns a zero-length buffer, causing the `kmemdup()` function to return a `ZERO_SIZE_PTR` (0x10), leading to a NULL pointer dereference in `data_vault_read()`, potentially causing a kernel crash. The issue has been fixed by adding checks for `ZERO_SIZE_PTR` or `NULL` using the `ZERO_OR_NULL_PTR()` macro."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48703", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48703\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48703\nhttps://lore.kernel.org/linux-cve-announce/2024050351-CVE-2022-48703-3099@gregkh/T"], "threat_severity": "Moderate"}