CVE-2022-48750

Name of the Vulnerable Software and Affected Versions Linux kernel version 5.16.2-200.fc35.x86 64

Description The issue is related to a NULL pointer dereference in the Linux kernel, specifically in the hwmon component. This occurs when the clear caseopen() function is called with the wrong device type, leading to a crash. The problem arises because the device passed to clear caseopen() is the hwmon device, not the platform device, and the platform data is not set in the hwmon device. To resolve this, the pointer to sio data should be stored in the struct nct6775 data and retrieved from there when needed.

Recommendations To fix the issue, update the Linux kernel to a version where this vulnerability has been resolved. Ensure that the sio data pointer is correctly stored in the struct nct6775 data to prevent the NULL pointer dereference. As a temporary workaround, consider disabling the clear caseopen() function until a patch is available.