Description

In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10). Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault. [ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010 This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or NULL value in data_vault.

INFO

Published Date :

2024-05-03T15:14:07.390Z

Last Modified :

2025-07-17T16:55:26.052Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-48703 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-48703.

URL Resource
https://git.kernel.org/stable/c/39d5137085a6c37ace4680ee4d24020a4a03e7dc cve-icon cve-icon
https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d cve-icon cve-icon
https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024050351-CVE-2022-48703-3099@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-48703 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-48703 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact