PT-2023-9436 · Linux+4 · Linux Kernel+4

Krzysztof Kozlowski · Published 2023-01-09 · Updated 2025-09-29 · CVE-2022-48871

CVSS v3.1: 7.1 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.0-rt5-00350-gb2450b7e00be-dirty #26

Description

The vulnerability is related to a slab-out-of-bounds issue in the handle_rx_uart function of the qcom-geni-serial driver. This occurs when the RX FIFO depth is updated after the probe, causing the RX UART handle code to read beyond the bounds of the port->rx_fifo buffer. The issue can be observed in certain configurations with Qualcomm Bluetooth HCI UART devices and KASAN.

Technical details about exploitation include:
  • The qcom_geni_serial_port_setup function updates the RX FIFO depth (port->rx_fifo_depth) to match real device capabilities.
  • The RX UART handle code reads port->rx_fifo_depth number of words into the port->rx_fifo buffer, thus exceeding the bounds.
  • Vulnerable function names include handle_rx_uart, qcom_geni_serial_handle_rx, and qcom_geni_serial_isr.
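
The sizing mismatch described above, modelled in userspace C as an added example; it is not the driver's code and not the upstream fix. The struct, the function names and the rx_fifo_cap field are hypothetical, and the depths used with it are constructed values.

```c
#include <stdint.h>
#include <stdlib.h>

/* Userspace model of the sizing mismatch; all names here are hypothetical. */
struct model_port {
    uint32_t *rx_fifo;       /* allocated once, at probe time */
    size_t    rx_fifo_cap;   /* words actually allocated (added for the check) */
    size_t    rx_fifo_depth; /* words the RX handler will try to read */
};

/* Probe: size the buffer for the default depth. */
int model_probe(struct model_port *p, size_t default_depth)
{
    p->rx_fifo = calloc(default_depth, sizeof(*p->rx_fifo));
    p->rx_fifo_cap = p->rx_fifo ? default_depth : 0;
    p->rx_fifo_depth = default_depth;
    return p->rx_fifo ? 0 : -1;
}

/* Setup: the depth follows the hardware, the buffer is not resized. */
void model_port_setup(struct model_port *p, size_t hw_depth)
{
    p->rx_fifo_depth = hw_depth;
}

/* Words a depth-sized, unchecked read would place past the allocation. */
size_t model_rx_overrun_words(const struct model_port *p)
{
    return p->rx_fifo_depth > p->rx_fifo_cap ? p->rx_fifo_depth - p->rx_fifo_cap : 0;
}

/* Checked handler: never copies more words than were allocated. */
size_t model_handle_rx_checked(struct model_port *p, const uint32_t *src, size_t avail)
{
    size_t n = avail < p->rx_fifo_depth ? avail : p->rx_fifo_depth;
    if (n > p->rx_fifo_cap)
        n = p->rx_fifo_cap;
    for (size_t i = 0; i < n; i++)
        p->rx_fifo[i] = src[i];
    return n;
}
```

With a probe-time depth of 16 and a setup-time depth of 64, the unchecked path would overrun the buffer by 48 words, while the checked handler stops at 16.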

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2023-8448
BDU:2024-07587
BDU:2024-07594
CVE-2022-48871
OESA-2024-2106
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3408-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3227-1
SUSE-SU-2024:3408-1
SUSE-SU-2024:3483-1

Affected Products

Alt Linux
Astra Linux
Linux Kernel
Red Os
Suse