CVE & CISA-KEV Catalog

CVE-2022-48953

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpi_install_fixed_event_handler() enables the event automatically on success, it is incorrect to call it before the handler routine passed to it is ready to handle events. Unfortunately, the rtc-cmos driver does exactly the incorrect thing by calling cmos_wake_setup(), which passes rtc_handler() to acpi_install_fixed_event_handler(), before cmos_do_probe(), because rtc_handler() uses dev_get_drvdata() to get to the cmos object pointer and the driver data pointer is only populated in cmos_do_probe(). This leads to a NULL pointer dereference in rtc_handler() on boot if the RTC fixed event happens to be active at the init time. To address this issue, change the initialization ordering of the driver so that cmos_wake_setup() is always called after a successful cmos_do_probe() call. While at it, change cmos_pnp_probe() to call cmos_do_probe() after the initial if () statement used for computing the IRQ argument to be passed to cmos_do_probe() which is cleaner than calling it in each branch of that if () (local variable "irq" can be of type int, because it is passed to that function as an argument of type int). Note that commit 6492fed7d8c9 ("rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0") caused this issue to affect a larger number of systems, because previously it only affected systems with ACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that commit.

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.178-1CVE-2022-48953
Fixed in:6.1.4-1CVE-2022-48953
Fixed in:6.1.4-1CVE-2022-48953
Fixed in:6.1.4-1CVE-2022-48953

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.24%probability of exploitation in 30 days
16thpercentile

Low risk: more likely to be exploited than 16% of all known CVEs.

References

Related Vulnerabilities

Other CWE-476 (NULL Pointer Dereference) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-21758High7.592%-Fix
CVE-2023-21547High7.588%-Fix
CVE-2014-3470Medium4.386%-Fix
CVE-2021-44224High8.282%-Fix
CVE-2016-0742High7.582%-Fix
CVE-2009-1386Medium5.080%-Fix
Embed a live status badge for CVE-2022-48953
CVE-2022-48953 severity badge

Markdown

[![CVE-2022-48953](https://tridentstack.com/cve/badge/CVE-2022-48953.svg)](https://tridentstack.com/cve/CVE-2022-48953)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-48953"><img src="https://tridentstack.com/cve/badge/CVE-2022-48953.svg" alt="CVE-2022-48953"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-10-25.