CVE-2022-48663

We now remove the device's debugfs entries when unbinding the driver. This now causes a NULL-pointer dereference on module exit because the platform devices are unregistered after the global debugfs directory has been recursively removed. Fix it by unregistering the devices first.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48663.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3815e66c2183f3430490e450ba16779cf5214ec6

Fixed

bdea98b98f844bd8a983ca880893e509a8b4162f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3a10e8edee2b45a654f1f7b05f747129ec84cf9d

Fixed

18352095a0d581f6aeb1e9fc9d68cc0152cd64b4

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

bc55c1677edbe86a1c66a35e800df47dff16ad61

Fixed

af0bfabf06c74c260265c30ba81a34e7dec0e881

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

303e6da99429510b1e4edf833afe90ac8542e747

Fixed

b7df41a6f79dfb18ba2203f8c5f0e9c0b9b57f68

Affected versions

v5.*

v5.10.144

v5.10.145

v5.15.69

v5.15.70

v5.19.10

v5.19.11

v6.*

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.10.144

Fixed

5.10.146

Type: ECOSYSTEM
Events: Introduced

5.15.69

Fixed

5.15.71

Type: ECOSYSTEM
Events: Introduced

5.19.10

Fixed

5.19.12