CVE-2022-48772: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

media: lgdt3306a: Add a check against null-pointer-def

The driver should check whether the client provides the platform_data.

The following log reveals it:

[ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40
[ 29.610730] Read of size 40 at addr 0000000000000000 by task bash/414
[ 29.612820] Call Trace:
[ 29.613030] <TASK>
[ 29.613201] dump_stack_lvl+0x56/0x6f
[ 29.613496] ? kmemdup+0x30/0x40
[ 29.613754] print_report.cold+0x494/0x6b7
[ 29.614082] ? kmemdup+0x30/0x40
[ 29.614340] kasan_report+0x8a/0x190
[ 29.614628] ? kmemdup+0x30/0x40
[ 29.614888] kasan_check_range+0x14d/0x1d0
[ 29.615213] memcpy+0x20/0x60
[ 29.615454] kmemdup+0x30/0x40
[ 29.615700] lgdt3306a_probe+0x52/0x310
[ 29.616339] i2c_device_probe+0x951/0xa90
AI Analysis
Technical Summary
CVE-2022-48772 is a vulnerability in the Linux kernel's media driver for the lgdt3306a device. The root cause is a missing null-pointer check on the platform_data pointer that the client provides to the driver's probe function. The driver attempts to duplicate memory with kmemdup without verifying that the input pointer is valid, which can lead to a null pointer dereference. The Kernel Address Sanitizer (KASAN) reports the access as a null pointer dereference, and the result is a kernel crash or panic, causing a denial of service (DoS).

The vulnerability is triggered during the i2c device probing phase, which is part of hardware initialization for devices using the i2c bus. The kernel log trace above shows the crash occurring in kmemdup, called from the lgdt3306a_probe function, which confirms the null pointer dereference.

This vulnerability does not appear to have any known exploits in the wild yet, and no CVSS score has been assigned. It is nonetheless a stability and availability risk for systems running affected Linux kernel versions that include this driver and have the lgdt3306a device or similar hardware configured. The fix adds a null-pointer check before platform_data is dereferenced, so the kernel no longer crashes on the invalid memory access.
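The missing check and its fix, modelled in user space as an added example (not the kernel driver's source and not code from this page). The `demo_*` types, both probe functions and the sample values are hypothetical stand-ins; `demo_kmemdup` mimics how `kmemdup` copies from its source without validating it.

```c
/* User-space model of the probe path (added example, not kernel source). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the kernel types involved. */
struct demo_config { unsigned char i2c_addr; int xtal_khz; };
struct demo_device { void *platform_data; };      /* models client->dev */
struct demo_client { struct demo_device dev; void *clientdata; };

/* Models kmemdup(): allocate len bytes and copy from src. Like the kernel
 * helper it does not validate src, so src == NULL faults inside memcpy. */
static void *demo_kmemdup(const void *src, size_t len)
{
    void *p = malloc(len);
    if (p)
        memcpy(p, src, len);
    return p;
}

/* "Before": platform_data is copied without being checked. */
int probe_unchecked(struct demo_client *c)
{
    c->clientdata = demo_kmemdup(c->dev.platform_data, sizeof(struct demo_config));
    return c->clientdata ? 0 : -ENOMEM;
}

/* "After": reject a client that supplies no platform_data before copying. */
int probe_checked(struct demo_client *c)
{
    if (!c->dev.platform_data)
        return -EINVAL;          /* probe fails cleanly; no NULL read */
    c->clientdata = demo_kmemdup(c->dev.platform_data, sizeof(struct demo_config));
    return c->clientdata ? 0 : -ENOMEM;
}

int main(void)
{
    struct demo_config cfg = { 0x59, 25000 };   /* constructed sample values */
    struct demo_client ok = { { &cfg }, NULL }, bad = { { NULL }, NULL };

    printf("with platform_data:    %d\n", probe_checked(&ok));
    printf("without platform_data: %d\n", probe_checked(&bad));
    free(ok.clientdata);
    return 0;
}
```

`probe_unchecked` is shown only for comparison and is never called; with a NULL `platform_data` it would fault in `memcpy`, the same frame that sits directly below `kmemdup` in the KASAN trace.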
Potential Impact
For European organizations, this vulnerability primarily poses a risk to system availability and stability. Systems using the affected Linux kernel versions with the lgdt3306a media driver could experience kernel panics or crashes if the vulnerability is triggered, potentially leading to service interruptions. This can affect embedded systems, industrial control systems, or specialized media hardware that rely on this driver. Although this vulnerability does not directly expose confidentiality or integrity risks, the denial of service impact can disrupt critical operations, especially in sectors relying on Linux-based infrastructure such as telecommunications, manufacturing, and media broadcasting. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the bug. European organizations with Linux-based systems should be aware of this issue to maintain operational continuity and avoid unexpected downtime.
Mitigation Recommendations
To mitigate this vulnerability, organizations should:

1) Apply the latest Linux kernel patches that include the fix for CVE-2022-48772, ensuring the null-pointer check is implemented in the lgdt3306a driver.
2) Identify and inventory systems using the affected Linux kernel versions and the lgdt3306a media driver, particularly embedded or specialized devices.
3) Where patching is not immediately possible, consider disabling or unloading the lgdt3306a driver if the hardware is not in use or can be temporarily taken offline.
4) Implement kernel crash monitoring and alerting to detect any occurrences of null pointer dereference or KASAN reports, enabling rapid response to potential exploitation or accidental triggers.
5) For critical systems, conduct thorough testing of updated kernels in staging environments to ensure stability before deployment.
6) Maintain strict access controls to prevent unauthorized users from triggering device probing or loading vulnerable drivers, as exploitation requires local code execution or device interaction.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-06-20T11:09:39.061Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe6128
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 8:58:04 PM
Last updated: 7/28/2025, 11:36:21 PM