Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2022-48750

Description

In the Linux kernel, the following vulnerability has been resolved:hwmon: (nct6775) Fix crash in clear_caseopenPaweł Marciniak reports the following crash, observed when clearingthe chassis intrusion alarm.BUG: kernel NULL pointer dereference, address: 0000000000000028PGD 0 P4D 0Oops: 0000 [#1] PREEMPT SMP PTICPU: 3 PID: 4815 Comm: bash Tainted: G S 5.16.2-200.fc35.x86_64 #1Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Z97 Extreme4, BIOS P2.60A 05/03/2018RIP: 0010:clear_caseopen+0x5a/0x120 [nct6775]Code: 68 70 e8 e9 32 b1 e3 85 c0 0f 85 d2 00 00 00 48 83 7c 24 ...RSP: 0018:ffffabcb02803dd8 EFLAGS: 00010246RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000RDX: ffff8e8808192880 RSI: 0000000000000000 RDI: ffff8e87c7509a68RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000000000aR10: 000000000000000a R11: f000000000000000 R12: 000000000000001fR13: ffff8e87c7509828 R14: ffff8e87c7509a68 R15: ffff8e88494527a0FS: 00007f4db9151740(0000) GS:ffff8e8ebfec0000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 0000000000000028 CR3: 0000000166b66001 CR4: 00000000001706e0Call Trace: kernfs_fop_write_iter+0x11c/0x1b0 new_sync_write+0x10b/0x180 vfs_write+0x209/0x2a0 ksys_write+0x4f/0xc0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xaeThe problem is that the device passed to clear_caseopen() is the hwmondevice, not the platform device, and the platform data is not set in thehwmon device. Store the pointer to sio_data in struct nct6775_data andget if from there if needed.

POC

Reference

No PoCs from references.

Github

- https://github.com/fkie-cad/nvd-json-data-feeds