CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-48707

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix null pointer dereference for resetting decoder Not all decoders have a reset callback. The CXL specification allows a host bridge with a single root port to have no explicit HDM decoders. Currently the region driver assumes there are none. As such the CXL core creates a special pass through decoder instance without a commit/reset callback. Prior to this patch, the ->reset() callback was called unconditionally when calling cxl_region_decode_reset. Thus a configuration with 1 Host Bridge, 1 Root Port, and one directly attached CXL type 3 device or multiple CXL type 3 devices attached to downstream ports of a switch can cause a null pointer dereference. Before the fix, a kernel crash was observed when we destroy the region, and a pass through decoder is reset. The issue can be reproduced as below, 1) create a region with a CXL setup which includes a HB with a single root port under which a memdev is attached directly. 2) destroy the region with cxl destroy-region regionX -f.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.5%

CVSS Severity

CVSS v3 Score 5.5

References

Products affected by CVE-2022-48707

Linux » Linux Kernel » Version: 6.0

cpe:2.3:o:linux:linux_kernel:6.0
Linux » Linux Kernel » Version: 6.0.1

cpe:2.3:o:linux:linux_kernel:6.0.1
Linux » Linux Kernel » Version: 6.0.10

cpe:2.3:o:linux:linux_kernel:6.0.10
Linux » Linux Kernel » Version: 6.0.11

cpe:2.3:o:linux:linux_kernel:6.0.11
Linux » Linux Kernel » Version: 6.0.12

cpe:2.3:o:linux:linux_kernel:6.0.12
Linux » Linux Kernel » Version: 6.0.13

cpe:2.3:o:linux:linux_kernel:6.0.13
Linux » Linux Kernel » Version: 6.0.14

cpe:2.3:o:linux:linux_kernel:6.0.14
Linux » Linux Kernel » Version: 6.0.15

cpe:2.3:o:linux:linux_kernel:6.0.15
Linux » Linux Kernel » Version: 6.0.16

cpe:2.3:o:linux:linux_kernel:6.0.16
Linux » Linux Kernel » Version: 6.0.17

cpe:2.3:o:linux:linux_kernel:6.0.17
Linux » Linux Kernel » Version: 6.0.18

cpe:2.3:o:linux:linux_kernel:6.0.18
Linux » Linux Kernel » Version: 6.0.19

cpe:2.3:o:linux:linux_kernel:6.0.19
Linux » Linux Kernel » Version: 6.0.2

cpe:2.3:o:linux:linux_kernel:6.0.2
Linux » Linux Kernel » Version: 6.0.3

cpe:2.3:o:linux:linux_kernel:6.0.3
Linux » Linux Kernel » Version: 6.0.4

cpe:2.3:o:linux:linux_kernel:6.0.4
Linux » Linux Kernel » Version: 6.0.5

cpe:2.3:o:linux:linux_kernel:6.0.5
Linux » Linux Kernel » Version: 6.0.6

cpe:2.3:o:linux:linux_kernel:6.0.6
Linux » Linux Kernel » Version: 6.0.7

cpe:2.3:o:linux:linux_kernel:6.0.7
Linux » Linux Kernel » Version: 6.0.8

cpe:2.3:o:linux:linux_kernel:6.0.8
Linux » Linux Kernel » Version: 6.0.9

cpe:2.3:o:linux:linux_kernel:6.0.9
Linux » Linux Kernel » Version: 6.1

cpe:2.3:o:linux:linux_kernel:6.1
Linux » Linux Kernel » Version: 6.1.1

cpe:2.3:o:linux:linux_kernel:6.1.1
Linux » Linux Kernel » Version: 6.1.10

cpe:2.3:o:linux:linux_kernel:6.1.10
Linux » Linux Kernel » Version: 6.1.11

cpe:2.3:o:linux:linux_kernel:6.1.11
Linux » Linux Kernel » Version: 6.1.2

cpe:2.3:o:linux:linux_kernel:6.1.2
Linux » Linux Kernel » Version: 6.1.3

cpe:2.3:o:linux:linux_kernel:6.1.3
Linux » Linux Kernel » Version: 6.1.4

cpe:2.3:o:linux:linux_kernel:6.1.4
Linux » Linux Kernel » Version: 6.1.5

cpe:2.3:o:linux:linux_kernel:6.1.5
Linux » Linux Kernel » Version: 6.1.6

cpe:2.3:o:linux:linux_kernel:6.1.6
Linux » Linux Kernel » Version: 6.1.7

cpe:2.3:o:linux:linux_kernel:6.1.7
Linux » Linux Kernel » Version: 6.1.8

cpe:2.3:o:linux:linux_kernel:6.1.8
Linux » Linux Kernel » Version: 6.1.9

cpe:2.3:o:linux:linux_kernel:6.1.9
Linux » Linux Kernel » Version: 6.2

cpe:2.3:o:linux:linux_kernel:6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-48707

Products

Pricing

Contact Us