5.5
MEDIUM
CVE-2022-48972
Linux Kernel Mac802154 Null Pointer Dereference Vulnerability
Description

In the Linux kernel, the following vulnerability has been resolved:

mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()

Kernel fault injection test reports null-ptr-deref as follows:

    BUG: kernel NULL pointer dereference, address: 0000000000000008
    RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114
    Call Trace:
     <TASK>
     raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87
     call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944
     unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982
     unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879
     register_netdevice+0x9a8/0xb90 net/core/dev.c:10083
     ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659
     ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229
     mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316

ieee802154_if_add() allocates wpan_dev as netdev's private data, but does not init the list in struct wpan_dev. cfg802154_netdev_notifier_call() manages the list when a device is registered/unregistered, and may lead to null-ptr-deref. Use INIT_LIST_HEAD() on it to initialize it correctly.
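The failure mode in the description, as an added userspace example (not kernel code and not taken from the patch): a list entry that is zero-filled and never linked has NULL next/prev, so an unlink faults, while an entry passed through INIT_LIST_HEAD() points at itself and unlinks harmlessly. `model_wpan_dev`, `checked_list_del`, `first_unlink_write` and `simulate` are hypothetical names, and the zero-filled private data is an assumption; on a 64-bit build the first write of an unchecked unlink lands at 0x8, which is consistent with the address in the report above.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model of the kernel's circular list (include/linux/list.h). */
struct list_head { struct list_head *next, *prev; };
static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }
/* Hypothetical stand-in for struct wpan_dev; only the list member matters. */
struct model_wpan_dev { int iftype; struct list_head list; };

static void list_add(struct list_head *n, struct list_head *head)
{
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* First address an unchecked unlink writes to: &entry->next->prev. */
static size_t first_unlink_write(const struct list_head *e)
{
    return (size_t)e->next + offsetof(struct list_head, prev);
}

/* Guarded unlink (model only): -1 means a plain unlink would hit NULL. */
static int checked_list_del(struct list_head *e)
{
    if (!e->next || !e->prev) return -1;
    e->next->prev = e->prev;
    e->prev->next = e->next;
    INIT_LIST_HEAD(e);
    return 0;
}

/* with_fix: INIT_LIST_HEAD() after allocation. linked: register step ran. */
static int simulate(int with_fix, int linked)
{
    struct list_head devices = { &devices, &devices };
    struct model_wpan_dev w = { 0 }; /* zero-filled, as assumed for netdev private data */
    if (with_fix) INIT_LIST_HEAD(&w.list);
    if (linked) list_add(&w.list, &devices);
    return checked_list_del(&w.list);
}

int main(void)
{
    struct list_head z = { 0 };
    printf("%d %d %d %#zx\n", simulate(0, 0), simulate(1, 0), simulate(0, 1), first_unlink_write(&z));
    return 0;
}
```

The third case (unpatched but linked) succeeds, which is why the bug only shows up when the unregister path runs for a device whose entry was never added, as in the fault-injection trace.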

INFO

Published Date: Oct. 21, 2024, 8:15 p.m.
Last Modified: Oct. 25, 2024, 3:22 p.m.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable: No
Impact Score: 3.6
Exploitability Score: 1.8

Affected Products

The following products are affected by the CVE-2022-48972 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID | Vendor | Product
1 | Linux | linux_kernel


The following table lists the changes that have been made to the CVE-2022-48972 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Oct. 25, 2024

    Action | Type | Old Value | New Value
    Added | CVSS V3.1 | | NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Changed | Reference Type | https://git.kernel.org/stable/c/1831d4540406708e48239cf38fd9c3b7ea98e08f No Types Assigned | https://git.kernel.org/stable/c/1831d4540406708e48239cf38fd9c3b7ea98e08f Patch
    Changed | Reference Type | https://git.kernel.org/stable/c/42c319635c0cf7eb36eccac6cda76532f47b61a3 No Types Assigned | https://git.kernel.org/stable/c/42c319635c0cf7eb36eccac6cda76532f47b61a3 Patch
    Changed | Reference Type | https://git.kernel.org/stable/c/623918f40fa68e3bb21312a3fafb90f491bf5358 No Types Assigned | https://git.kernel.org/stable/c/623918f40fa68e3bb21312a3fafb90f491bf5358 Patch
    Changed | Reference Type | https://git.kernel.org/stable/c/7410f4d1221bb182510b7778ab6eefa8b9b7102d No Types Assigned | https://git.kernel.org/stable/c/7410f4d1221bb182510b7778ab6eefa8b9b7102d Patch
    Changed | Reference Type | https://git.kernel.org/stable/c/9980a3ea20de40c83817877106c909cb032692d2 No Types Assigned | https://git.kernel.org/stable/c/9980a3ea20de40c83817877106c909cb032692d2 Patch
    Changed | Reference Type | https://git.kernel.org/stable/c/a110287ef4a423980309490df632e1c1e73b3dc9 No Types Assigned | https://git.kernel.org/stable/c/a110287ef4a423980309490df632e1c1e73b3dc9 Patch
    Changed | Reference Type | https://git.kernel.org/stable/c/b3d72d3135d2ef68296c1ee174436efd65386f04 No Types Assigned | https://git.kernel.org/stable/c/b3d72d3135d2ef68296c1ee174436efd65386f04 Patch
    Changed | Reference Type | https://git.kernel.org/stable/c/f00c84fb1635c27ba24ec5df65d5bd7d7dc00008 No Types Assigned | https://git.kernel.org/stable/c/f00c84fb1635c27ba24ec5df65d5bd7d7dc00008 Patch
    Added | CWE | | NIST CWE-476
    Added | CPE Configuration | | OR
        *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.19 up to (excluding) 4.9.336
        *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.14.302
        *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.269
        *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.227
        *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.159
        *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.83
        *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.0.13
        *cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
        *cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
        *cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
        *cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
        *cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
        *cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
        *cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
        *cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Oct. 21, 2024

    Action | Type | Old Value | New Value
    Added | Description | | (same text as the Description section at the top of this page)
    Added | Reference | | kernel.org https://git.kernel.org/stable/c/7410f4d1221bb182510b7778ab6eefa8b9b7102d [No types assigned]
    Added | Reference | | kernel.org https://git.kernel.org/stable/c/9980a3ea20de40c83817877106c909cb032692d2 [No types assigned]
    Added | Reference | | kernel.org https://git.kernel.org/stable/c/f00c84fb1635c27ba24ec5df65d5bd7d7dc00008 [No types assigned]
    Added | Reference | | kernel.org https://git.kernel.org/stable/c/1831d4540406708e48239cf38fd9c3b7ea98e08f [No types assigned]
    Added | Reference | | kernel.org https://git.kernel.org/stable/c/42c319635c0cf7eb36eccac6cda76532f47b61a3 [No types assigned]
    Added | Reference | | kernel.org https://git.kernel.org/stable/c/a110287ef4a423980309490df632e1c1e73b3dc9 [No types assigned]
    Added | Reference | | kernel.org https://git.kernel.org/stable/c/623918f40fa68e3bb21312a3fafb90f491bf5358 [No types assigned]
    Added | Reference | | kernel.org https://git.kernel.org/stable/c/b3d72d3135d2ef68296c1ee174436efd65386f04 [No types assigned]