CVE-2022-48879
CVE-2022-48879 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. It is a NULL pointer dereference in the error path of EFI initialisation in the Linux kernel. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved:

efi: fix NULL-deref in init error path

In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated.

Do not try to destroy the workqueue unconditionally in the unlikely event that EFI initialisation fails to avoid dereferencing a NULL pointer.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.19.142, < 4.19.270 |
| Linux | Linux Kernel | >= 5.4.61, < 5.4.229 |
| Linux | Linux Kernel | >= 5.9, < 5.10.164 |
| Linux | Linux Kernel | >= 5.11, < 5.15.89 |
| Linux | Linux Kernel | >= 5.16, < 6.1.7 |
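The ranges in the table can be checked mechanically against a kernel release string such as the output of `uname -r`. This is an added example, not part of the NVD record; the function names are illustrative, and it compares upstream version numbers only, so a distribution kernel that carries a backported fix can still fall inside a listed range.

```python
import re

# Affected ranges copied from the table above: (first affected, first fixed).
AFFECTED = [
    ((4, 19, 142), (4, 19, 270)),
    ((5, 4, 61), (5, 4, 229)),
    ((5, 9, 0), (5, 10, 164)),
    ((5, 11, 0), (5, 15, 89)),
    ((5, 16, 0), (6, 1, 7)),
]


def parse_release(release):
    """Turn a `uname -r` style string into a (major, minor, patch) tuple.

    Suffixes such as "-generic" or "-rc3" are ignored; a missing patch
    level (e.g. "5.9") is treated as 0.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def in_affected_range(release):
    """Return the matching (start, fixed) range, or None if outside all ranges."""
    version = parse_release(release)
    for start, fixed in AFFECTED:
        if start <= version < fixed:  # lower bound inclusive, upper exclusive
            return start, fixed
    return None


def report(release):
    """One-line verdict for a release string."""
    hit = in_affected_range(release)
    if hit is None:
        return f"{release}: outside the listed ranges"
    fixed = ".".join(str(part) for part in hit[1])
    return f"{release}: inside a listed range; upstream fix is in {fixed}"


if __name__ == "__main__":
    # Constructed sample release strings, not taken from any real host.
    for sample in ["4.19.141", "5.10.0-21-amd64", "5.15.88-generic",
                   "5.15.89", "6.1.0-rc3", "6.1.7"]:
        print(report(sample))
```

On a distribution kernel, confirm a positive result against the vendor's advisory for this CVE before treating the host as unpatched.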
Timeline
- Status: Analyzed
Source: NVD / NIST
