CVE-2022-49308

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

n the Linux kernel, the following vulnerability has been resolved: extcon: Modify extcon device to be created after driver data is set Currently, someone can invoke the sysfs such as state_show() intermittently before dev_set_drvdata() is done. And it can be a cause of kernel Oops because of edev is Null at that time. So modified the driver registration to after setting drviver data. - Oops's backtrace. Backtrace: [<c067865c>] (state_show) from [<c05222e8>] (dev_attr_show) [<c05222c0>] (dev_attr_show) from [<c02c66e0>] (sysfs_kf_seq_show) [<c02c6648>] (sysfs_kf_seq_show) from [<c02c496c>] (kernfs_seq_show) [<c02c4938>] (kernfs_seq_show) from [<c025e2a0>] (seq_read) [<c025e11c>] (seq_read) from [<c02c50a0>] (kernfs_fop_read) [<c02c5064>] (kernfs_fop_read) from [<c0231cac>] (__vfs_read) [<c0231c5c>] (__vfs_read) from [<c0231ee0>] (vfs_read) [<c0231e34>] (vfs_read) from [<c0232464>] (ksys_read) [<c02323f0>] (ksys_read) from [<c02324fc>] (sys_read) [<c02324e4>] (sys_read) from [<c00091d0>] (__sys_trace_return)

References

Link	Resource
https://git.kernel.org/stable/c/033ec4e7e59ae5e1ef1e8c10bc6552926044ed1c	Patch
https://git.kernel.org/stable/c/35ff1ac55d301efb3f467cf5426faaeb3452994b	Patch
https://git.kernel.org/stable/c/368e68ad6da4317fc4170e8d92b51c13d1bfe7a7	Patch
https://git.kernel.org/stable/c/5dcc2afe716d69f5112ce035cb14f007461ff189	Patch
https://git.kernel.org/stable/c/6e721f3ad0535b24f19a62420f4da95212cf069c	Patch
https://git.kernel.org/stable/c/abf3b222614f49f98e606fccdd269161c0d70204	Patch
https://git.kernel.org/stable/c/cb81ea998c461868d1168411a867d8ffee12f23f	Patch
https://git.kernel.org/stable/c/d472c78cc82999d07bd09193a6718016ce9cd386	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

21 Oct 2025, 12:19

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~() https://git.kernel.org/stable/c/033ec4e7e59ae5e1ef1e8c10bc6552926044ed1c -~~	() https://git.kernel.org/stable/c/033ec4e7e59ae5e1ef1e8c10bc6552926044ed1c - Patch
References	~~() https://git.kernel.org/stable/c/35ff1ac55d301efb3f467cf5426faaeb3452994b -~~	() https://git.kernel.org/stable/c/35ff1ac55d301efb3f467cf5426faaeb3452994b - Patch
References	~~() https://git.kernel.org/stable/c/368e68ad6da4317fc4170e8d92b51c13d1bfe7a7 -~~	() https://git.kernel.org/stable/c/368e68ad6da4317fc4170e8d92b51c13d1bfe7a7 - Patch
References	~~() https://git.kernel.org/stable/c/5dcc2afe716d69f5112ce035cb14f007461ff189 -~~	() https://git.kernel.org/stable/c/5dcc2afe716d69f5112ce035cb14f007461ff189 - Patch
References	~~() https://git.kernel.org/stable/c/6e721f3ad0535b24f19a62420f4da95212cf069c -~~	() https://git.kernel.org/stable/c/6e721f3ad0535b24f19a62420f4da95212cf069c - Patch
References	~~() https://git.kernel.org/stable/c/abf3b222614f49f98e606fccdd269161c0d70204 -~~	() https://git.kernel.org/stable/c/abf3b222614f49f98e606fccdd269161c0d70204 - Patch
References	~~() https://git.kernel.org/stable/c/cb81ea998c461868d1168411a867d8ffee12f23f -~~	() https://git.kernel.org/stable/c/cb81ea998c461868d1168411a867d8ffee12f23f - Patch
References	~~() https://git.kernel.org/stable/c/d472c78cc82999d07bd09193a6718016ce9cd386 -~~	() https://git.kernel.org/stable/c/d472c78cc82999d07bd09193a6718016ce9cd386 - Patch
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: extcon: Modificar el dispositivo extcon para que se cree después de que se configuren los datos del controlador. Actualmente, alguien puede invocar el sysfs como state_show() de forma intermitente antes de que se realice dev_set_drvdata(). Y puede ser una causa de errores del kernel debido a que edev es Null en ese momento. Por lo tanto, se modificó el registro del controlador después de configurar los datos del controlador. - Ups, el backtrace. Rastreo inverso: [] (mostrar estado) desde [] (mostrar atributo de desarrollo) [] (mostrar atributo de desarrollo) desde [] (mostrar secuencia de sysfs_kf_seq) [] (mostrar secuencia de sysfs_kf_seq) desde [] (mostrar secuencia de kernfs) [] (mostrar secuencia de kernfs) desde [] (leer secuencia) [] (leer secuencia) desde [] (leer secuencia de kernfs_fop) [] (kernfs_fop_read) desde [] (__vfs_read) [] (__vfs_read) desde [] (vfs_read) [] (vfs_read) desde [] (ksys_read) [] (ksys_read) desde [] (sys_read) [] (sys_read) desde [] (__sys_trace_return)
CPE		cpe:2.3:o:linux:linux_kernel::::::::

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-10-21 12:19

NVD link : CVE-2022-49308

Mitre link : CVE-2022-49308

CVE.ORG link : CVE-2022-49308

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10