CVE-2022-48870
- Source
- https://cve.org/CVERecord?id=CVE-2022-48870
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48870.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-48870
- Downstream
- Related
- Published
- 2024-08-21T06:10:00.678Z
- Modified
- 2026-03-11T01:04:59.283755Z
- Summary
- tty: fix possible null-ptr-defer in spk_ttyio_release
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tty: fix possible null-ptr-defer in spkttyiorelease
Run the following tests on the qemu platform:
syzkaller:~# modprobe speakup_audptr input: Speakup as /devices/virtual/input/input4 initialized device: /dev/synth, node (MAJOR 10, MINOR 125) speakup 3.1.6: initialized synth name on entry is: (null) synth probe
spkttyioinitialiseldisc failed because ttykopen_exclusive returned failed (errno -16), then remove the module, we will get a null-ptr-defer problem, as follow:
syzkaller:~# modprobe -r speakupaudptr releasing synth audptr BUG: kernel NULL pointer dereference, address: 0000000000000080 #PF: supervisor write access in kernel mode #PF: errorcode(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP PTI CPU: 2 PID: 204 Comm: modprobe Not tainted 6.1.0-rc6-dirty #1 RIP: 0010:mutexlock+0x14/0x30 Call Trace: <TASK> spkttyiorelease+0x19/0x70 [speakup] synthrelease.part.6+0xac/0xc0 [speakup] synth_remove+0x56/0x60 [speakup] _x64sysdeletemodule+0x156/0x250 ? fpregsassertstateconsistent+0x1d/0x50 dosyscall64+0x37/0x90 entrySYSCALL64afterhwframe+0x63/0xcd </TASK> Modules linked in: speakupaudptr(-) speakup Dumping ftrace buffer:
insynth->dev was not initialized during modprobe, so we add check for insynth->dev to fix this bug.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48870.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/2da67bff29ab49caafb0766e8b8383b735ff796f
- https://git.kernel.org/stable/c/5abbeebd8296c2301023b8dc4b5a6c0d5229b4f5
- https://git.kernel.org/stable/c/64152e05a4de3ebf59f1740a0985a6d5fba0c77b
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48870.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-48870
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4f2a81f3a88217e7340b2cab5c0a5ebd0112514cFixed2da67bff29ab49caafb0766e8b8383b735ff796fFixed64152e05a4de3ebf59f1740a0985a6d5fba0c77bFixed5abbeebd8296c2301023b8dc4b5a6c0d5229b4f5
Affected versions
v5.*
v6.*
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48870.json"
vanir_signatures
[
{
"signature_version": "v1",
"target": {
"file": "drivers/accessibility/speakup/spk_ttyio.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2da67bff29ab49caafb0766e8b8383b735ff796f",
"deprecated": false,
"digest": {
"line_hashes": [
"44667930481586350597707408130324405533",
"323368231760875883006925320442666781621",
"226896962746905650409772620532239122171"
],
"threshold": 0.9
},
"id": "CVE-2022-48870-b58b48a3",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "drivers/accessibility/speakup/spk_ttyio.c",
"function": "spk_ttyio_release"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2da67bff29ab49caafb0766e8b8383b735ff796f",
"deprecated": false,
"digest": {
"function_hash": "61301491220673482849610547003934684553",
"length": 227.0
},
"id": "CVE-2022-48870-bd878e61",
"signature_type": "Function"
}
]