PT-2022-7638 · Linux+3 · Linux Kernel+3

Gaosheng Cui

Published

2022-12-22

Updated

2024-09-27

CVE-2022-48870

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc6

Description The issue is related to a null pointer dereference in the Linux kernel's tty component, specifically in the spk ttyio release function. This can occur when the speakup audptr module is removed while the in synth->dev device is not initialized, leading to a kernel crash. The vulnerability can be exploited to cause a denial of service. Technical details include the spk ttyio release function and the synth release function, which are involved in the vulnerability. The mutex lock function is also mentioned as part of the call trace.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the null pointer dereference in the spk ttyio release function. As a temporary workaround, consider disabling the speakup audptr module to prevent the vulnerability from being exploited.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2024-07631

CVE-2022-48870

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3408-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3227-1

SUSE-SU-2024:3408-1

SUSE-SU-2024:3483-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2022-7638 · Linux+3 · Linux Kernel+3

CVE-2022-48870

Weakness Enumeration

Related Identifiers

Affected Products

References · 674