Linux · Linux Kernel · CVE-2022-48953
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The issue is related to the Linux kernel's rtc-cmos driver, where the event handler registration ordering is incorrect. This leads to a NULL pointer dereference in `rtc handler()` on boot if the RTC fixed event happens to be active at the init time. The problem arises because `acpi install fixed event handler()` enables the event automatically on success, but it is called before the handler routine is ready to handle events. The `rtc handler()` function uses `dev get drvdata()` to get to the cmos object pointer, but the driver data pointer is only populated in `cmos do probe()`. To address this issue, the initialization ordering of the driver needs to be changed so that `cmos wake setup()` is always called after a successful `cmos do probe()` call.
**Recommendations**
To resolve this issue, change the initialization ordering of the driver so that `cmos wake setup()` is always called after a successful `cmos do probe()` call. Additionally, modify `cmos pnp probe()` to call `cmos do probe()` after the initial if () statement used for computing the IRQ argument to be passed to `cmos do probe()`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.