PT-2022-7621 · Linux+2 · Linux Kernel+2

Zheyu Ma · Published 2022-03-03 · Updated 2025-10-01 · CVE-2022-48908

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fix in commit 5f394102ee27dbf05la4e283390cd8d1759dacea

Description: The vulnerability is a null pointer dereference in the com20020pci_probe() function during driver initialization. The definition of com20020pci_id_table leaves the ci field empty for some devices, so initializing those devices dereferences a null pointer. This can lead to a denial of service. The vulnerability affects all versions of the Linux kernel prior to the fix.

Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix, specifically to a version after the commit 5f394102ee27dbf05la4e283390cd8d1759dacea. As a temporary workaround, consider disabling the com20020pci_probe() function until a patch is available. However, this may have implications for the functionality of the affected devices.
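The pattern in the description, shown as an added example: a simplified user-space model, not the kernel driver's source and not the text of the fix commit. The struct names, function names and table contents are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for a PCI ID entry and its per-card info. */
struct card_info { const char *name; int devcount; };
struct device_id { uint16_t vendor, device; const struct card_info *driver_data; };

static const struct card_info card_a = { "model-a", 2 };

/* Constructed ID table: the second entry carries no card info, mirroring
 * the "field is empty for some devices" condition in the description. */
static const struct device_id id_table[] = {
    { 0x1111, 0x0001, &card_a },
    { 0x1111, 0x0002, NULL },
    { 0, 0, NULL } /* terminator */
};

/* Find the table entry for a device, as a bus core does before calling probe. */
const struct device_id *match_id(uint16_t vendor, uint16_t device)
{
    for (const struct device_id *id = id_table; id->vendor; id++)
        if (id->vendor == vendor && id->device == device)
            return id;
    return NULL;
}

/* Unguarded pattern: faults when the matched entry has no card info. */
int probe_unchecked(const struct device_id *id)
{
    const struct card_info *ci = id->driver_data;
    return ci->devcount; /* NULL dereference for the 0x0002 entry */
}

/* Guarded pattern: refuse to bind instead of dereferencing NULL. */
int probe_checked(const struct device_id *id)
{
    const struct card_info *ci = id ? id->driver_data : NULL;

    if (!ci)
        return -EINVAL;
    return ci->devcount; /* number of sub-devices to initialise */
}

int main(void)
{
    /* Only the populated entry is safe to pass to the unguarded variant. */
    return probe_unchecked(match_id(0x1111, 0x0001)) == 2 &&
           probe_checked(match_id(0x1111, 0x0002)) == -EINVAL ? 0 : 1;
}
```

When auditing other drivers for the same weakness, look for ID table entries without driver data paired with a probe routine that uses that data unconditionally.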

Exploit

Fix

Weakness Enumeration: NULL Pointer Dereference

Related Identifiers

BDU:2024-07465
CVE-2022-48908
OESA-2024-2109

Affected Products

Astra Linux
Linux Kernel
Red Os