PT-2022-7502 · Linux+4 · Linux Kernel+4

Jon Hunter

Published

2022-02-22

Updated

2025-09-29

CVE-2022-48942

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the hwmon component of the Linux kernel, which can lead to a NULL pointer dereference when attempting to register a sensor with a thermal zone. This may cause the system to crash. The exact call sequence involves hwmon notify event() calling hwmon thermal notify(), which then calls thermal zone device update() and update temperature(), resulting in a call to mutex lock(). The hwmon core needs to handle errors returned from devm thermal zone of sensor register() to prevent such crashes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_16880

BDU:2024-06659

CVE-2022-48942

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3408-1

OPENSUSE-SU-2024_3483-1

RHSA-2023:2458

RHSA-2023_2458

SUSE-SU-2024:3190-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3227-1

SUSE-SU-2024:3408-1

SUSE-SU-2024:3483-1

Affected Products

Astra Linux

Linux Kernel

Red Hat

Red Os

Suse

PT-2022-7502 · Linux+4 · Linux Kernel+4

CVE-2022-48942

Weakness Enumeration

Related Identifiers

Affected Products

References · 675