PT-2024-11837 · Linux+4 · Linux Kernel+4

Wei Yongjun

Published

2022-12-05

Updated

2025-09-29

CVE-2022-48972

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the mac802154 component of the Linux kernel, specifically with errors in resource management in the ieee802154 if add() function. This can lead to a null pointer dereference, potentially causing a denial of service. The cfg802154 netdev notifier call() function manages a list when a device is registered or unregistered, which may result in a null pointer dereference if the list is not properly initialized. The ieee802154 if add() function allocates wpan dev as a net device's private data but does not initialize the list in the struct wpan dev.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-476

Related Identifiers

ALSA-2025_16880

ALT-PU-2023-1066

BDU:2025-01685

CVE-2022-48972

OESA-2024-2370

OESA-2024-2371

OPENSUSE-SU-2024_3983-1

OPENSUSE-SU-2024_3985-1

OPENSUSE-SU-2024_4131-1

SUSE-SU-2024:3983-1

SUSE-SU-2024:3985-1

SUSE-SU-2024:4082-1

SUSE-SU-2024:4100-1

SUSE-SU-2024:4131-1

SUSE-SU-2024:4364-1

SUSE-SU-2025:0034-1

Affected Products

Alt Linux

Astra Linux

Linux Kernel

Red Os

Suse

PT-2024-11837 · Linux+4 · Linux Kernel+4

CVE-2022-48972

Weakness Enumeration

Related Identifiers

Affected Products

References · 1139