CVE-2022-48636

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-48636
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48636.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48636
Downstream
Related
Published
2024-04-28T12:59:28.858Z
Modified
2026-03-14T11:56:14.205565Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
Details

In the Linux kernel, the following vulnerability has been resolved:

s390/dasd: fix Oops in dasdaliasgetstartdev due to missing pavgroup

Fix Oops in dasdaliasgetstartdev() function caused by the pavgroup pointer being NULL.

The pavgroup pointer is checked on the entrance of the function but without the lcu->lock being held. Therefore there is a race window between dasdaliasgetstartdev() and lcuupdate() which sets pavgroup to NULL with the lcu->lock held.

Fix by checking the pavgroup pointer with lcu->lock held.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48636.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8e09f21574ea3028d5629e5de759e0b196c690c5
Fixed
d86b4267834e6d4af62e3073e48166e349ab1b70
Fixed
49f401a98b318761ca2e15d4c7869a20043fbed4
Fixed
aaba5ff2742043705bc4c02fd0b2b246e2e16da1
Fixed
2e473351400e3dd66f0b71eddcef82ee45a584c1
Fixed
f5fcc9d6d71d9ff7fdbdd4b89074e6e24fffc20b
Fixed
d3a67c21b18f33c79382084af556557c442f12a6
Fixed
650a2e79d176db753654d3dde88e53a2033036ac
Fixed
db7ba07108a48c0f95b74fabbfd5d63e924f992d

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48636.json"