CVE-2022-48787

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48787
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48787.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48787
Downstream
Related
Published
2024-07-16T11:43:44Z
Modified
2025-10-14T20:53:08.603909Z
Summary
iwlwifi: fix use-after-free
Details

In the Linux kernel, the following vulnerability has been resolved:

iwlwifi: fix use-after-free

If no firmware was present at all (or, presumably, all of the firmware files failed to parse), we end up unbinding by calling devicereleasedriver(), which calls remove(), which then in iwlwifi calls iwldrvstop(), freeing the 'drv' struct. However the new code I added will still erroneously access it after it was freed.

Set 'failure=false' in this case to avoid the access, all data was already freed anyway.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8e10749fa1a454c1e7214f36cec83241f5a36ef1
Fixed
d3b98fe36f8a06ce654049540773256ab59cb53d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1d7cc54137a4f28506dc7beac235b240b08f4e59
Fixed
7d6475179b85a83186ccce59cdc359d4f07d0bcb
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0446cafa843e6db4982731c167e11c80d42be7e2
Fixed
494de920d98f125b099f27a2d274850750aff957
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
febab6b60d61d13cd9f30a2991deea56df39567d
Fixed
008508c16af0087cda0394e1ac6f0493b01b6063
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e23f075d77987de4215c8e0696f28bcc707506f7
Fixed
ddd46059f7d99119b62d44c519df7a79f2e6a515
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6b5ad4bd0d78fef6bbe0ecdf96e09237c9c52cc1
Fixed
9958b9cbb22145295ee1ffaea0904c383da2c05d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ab07506b0454bea606095951e19e72c282bfbb42
Fixed
bea2662e7818e15d7607d17d57912ac984275d94

Affected versions

v4.*

v4.14.263
v4.14.264
v4.14.265
v4.14.266
v4.14.267
v4.19.226
v4.19.227
v4.19.228
v4.19.229
v4.19.230

v5.*

v5.10.100
v5.10.101
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.10.99
v5.15.17
v5.15.18
v5.15.19
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.16
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.10
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17-rc1
v5.4.174
v5.4.175
v5.4.176
v5.4.177
v5.4.178
v5.4.179
v5.4.180

Database specific 

{
    "vanir_signatures": [
        {
            "id": "CVE-2022-48787-40a97f16",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@008508c16af0087cda0394e1ac6f0493b01b6063",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "145279440783943162133197565883309616137",
                    "138356238631684325228373177580261034368",
                    "206890851670976672557082084736350832952",
                    "72486169656087606520356401496821237730"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48787-45bdaa32",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ddd46059f7d99119b62d44c519df7a79f2e6a515",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c",
                "function": "iwl_req_fw_callback"
            },
            "digest": {
                "function_hash": "330071875447870180122267702306724425311",
                "length": 6399.0
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48787-4782cbf5",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bea2662e7818e15d7607d17d57912ac984275d94",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c",
                "function": "iwl_req_fw_callback"
            },
            "digest": {
                "function_hash": "330071875447870180122267702306724425311",
                "length": 6399.0
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48787-5afdeb82",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d6475179b85a83186ccce59cdc359d4f07d0bcb",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "145279440783943162133197565883309616137",
                    "138356238631684325228373177580261034368",
                    "206890851670976672557082084736350832952",
                    "72486169656087606520356401496821237730"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48787-67934bce",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9958b9cbb22145295ee1ffaea0904c383da2c05d",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c",
                "function": "iwl_req_fw_callback"
            },
            "digest": {
                "function_hash": "330071875447870180122267702306724425311",
                "length": 6399.0
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48787-6b8ebc0f",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@494de920d98f125b099f27a2d274850750aff957",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c",
                "function": "iwl_req_fw_callback"
            },
            "digest": {
                "function_hash": "104900081527877638031898786328084491386",
                "length": 6268.0
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48787-9dabc727",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9958b9cbb22145295ee1ffaea0904c383da2c05d",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "145279440783943162133197565883309616137",
                    "138356238631684325228373177580261034368",
                    "206890851670976672557082084736350832952",
                    "72486169656087606520356401496821237730"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48787-ac3978e2",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ddd46059f7d99119b62d44c519df7a79f2e6a515",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "145279440783943162133197565883309616137",
                    "138356238631684325228373177580261034368",
                    "206890851670976672557082084736350832952",
                    "72486169656087606520356401496821237730"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48787-c14ed9c7",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@494de920d98f125b099f27a2d274850750aff957",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "145279440783943162133197565883309616137",
                    "138356238631684325228373177580261034368",
                    "206890851670976672557082084736350832952",
                    "72486169656087606520356401496821237730"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48787-caadad5f",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d6475179b85a83186ccce59cdc359d4f07d0bcb",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c",
                "function": "iwl_req_fw_callback"
            },
            "digest": {
                "function_hash": "331333740664951336865007966227734608027",
                "length": 6343.0
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48787-cd627ca6",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d3b98fe36f8a06ce654049540773256ab59cb53d",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "145279440783943162133197565883309616137",
                    "138356238631684325228373177580261034368",
                    "206890851670976672557082084736350832952",
                    "72486169656087606520356401496821237730"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48787-d90c080b",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bea2662e7818e15d7607d17d57912ac984275d94",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
            },
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "145279440783943162133197565883309616137",
                    "138356238631684325228373177580261034368",
                    "206890851670976672557082084736350832952",
                    "72486169656087606520356401496821237730"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48787-dad4b924",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@008508c16af0087cda0394e1ac6f0493b01b6063",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c",
                "function": "iwl_req_fw_callback"
            },
            "digest": {
                "function_hash": "322659323425070067116579912965542283461",
                "length": 6385.0
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48787-f7260af5",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d3b98fe36f8a06ce654049540773256ab59cb53d",
            "target": {
                "file": "drivers/net/wireless/intel/iwlwifi/iwl-drv.c",
                "function": "iwl_req_fw_callback"
            },
            "digest": {
                "function_hash": "85904273387367153071923845346253196276",
                "length": 5536.0
            },
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.14.263
Fixed
4.14.268
Type
ECOSYSTEM
Events
Introduced
4.19.226
Fixed
4.19.231
Type
ECOSYSTEM
Events
Introduced
5.4.174
Fixed
5.4.181
Type
ECOSYSTEM
Events
Introduced
5.10.94
Fixed
5.10.102
Type
ECOSYSTEM
Events
Introduced
5.15.17
Fixed
5.15.25
Type
ECOSYSTEM
Events
Introduced
5.16.3
Fixed
5.16.11