CVE-2022-48636

MEDIUM

Published 2024-04-28T12:59:28.858Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-48636. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

5.5

/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.000

probability

of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.152

Higher than 15.2% of all CVEs

Attack Vector Metrics

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Description

In the Linux kernel, the following vulnerability has been resolved:

s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup

Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup
pointer being NULL.

The pavgroup pointer is checked on the entrance of the function but
without the lcu->lock being held. Therefore there is a race window
between dasd_alias_get_start_dev() and _lcu_update() which sets
pavgroup to NULL with the lcu->lock held.

Fix by checking the pavgroup pointer with lcu->lock held.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

8e09f21574ea3028d5629e5de759e0b196c690c5 8e09f21574ea3028d5629e5de759e0b196c690c5 8e09f21574ea3028d5629e5de759e0b196c690c5 8e09f21574ea3028d5629e5de759e0b196c690c5 8e09f21574ea3028d5629e5de759e0b196c690c5 8e09f21574ea3028d5629e5de759e0b196c690c5 8e09f21574ea3028d5629e5de759e0b196c690c5 8e09f21574ea3028d5629e5de759e0b196c690c5

Linux

Affected Versions:

2.6.25 0 4.9.330 4.14.295 4.19.260 5.4.215 5.10.146 5.15.71 5.19.12 6.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-mxvm-x858-3gm2

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL. The pavgroup pointer is checked on the entrance of the function but without the lcu->lock being held. Therefore there is a race window between dasd_alias_get_start_dev() and _lcu_update() which sets pavgroup to NULL with the lcu->lock held. Fix by checking the pavgroup pointer with lcu->lock held.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-48636

WEB https://git.kernel.org/stable/c/2e473351400e3dd66f0b71eddcef82ee45a584c1

WEB https://git.kernel.org/stable/c/49f401a98b318761ca2e15d4c7869a20043fbed4

WEB https://git.kernel.org/stable/c/650a2e79d176db753654d3dde88e53a2033036ac

WEB https://git.kernel.org/stable/c/aaba5ff2742043705bc4c02fd0b2b246e2e16da1

WEB https://git.kernel.org/stable/c/d3a67c21b18f33c79382084af556557c442f12a6

WEB https://git.kernel.org/stable/c/d86b4267834e6d4af62e3073e48166e349ab1b70

WEB https://git.kernel.org/stable/c/db7ba07108a48c0f95b74fabbfd5d63e924f992d

WEB https://git.kernel.org/stable/c/f5fcc9d6d71d9ff7fdbdd4b89074e6e24fffc20b

Advisory provided by GitHub Security Advisory Database. Published: April 28, 2024, Modified: October 29, 2024

References

https://git.kernel.org/stable/c/d86b4267834e6d4af62e3073e48166e349ab1b70

https://git.kernel.org/stable/c/49f401a98b318761ca2e15d4c7869a20043fbed4

https://git.kernel.org/stable/c/aaba5ff2742043705bc4c02fd0b2b246e2e16da1

https://git.kernel.org/stable/c/2e473351400e3dd66f0b71eddcef82ee45a584c1

https://git.kernel.org/stable/c/f5fcc9d6d71d9ff7fdbdd4b89074e6e24fffc20b

https://git.kernel.org/stable/c/d3a67c21b18f33c79382084af556557c442f12a6

https://git.kernel.org/stable/c/650a2e79d176db753654d3dde88e53a2033036ac

https://git.kernel.org/stable/c/db7ba07108a48c0f95b74fabbfd5d63e924f992d

Published: 2024-04-28T12:59:28.858Z

Last Modified: 2025-05-04T08:20:12.801Z

Copied to clipboard!

CVE-2022-48636

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!