CVE-2022-48770

MEDIUM

Linux Kernel 5.9-5.10.96 5.11-5.15.19 5.16-5.16.5 - NULL Pointer Dereference in task_pt_regs

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack() task_pt_regs() can return NULL on powerpc for kernel threads. This is then used in __bpf_get_stack() to check for user mode, resulting in a kernel oops. Guard against this by checking return value of task_pt_regs() before trying to obtain the call chain.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/ff6bdc205fd0a83bd365405d4e31fb5905826996

Patch

https://git.kernel.org/stable/c/0bcd484587b3b3092e448d27dc369e347e1810c3

Patch

https://git.kernel.org/stable/c/b82ef4985a6d05e80f604624332430351df7b79a

Patch

https://git.kernel.org/stable/c/b992f01e66150fc5e90be4a96f5eb8e634c8249e

Scores

CVSS v3 5.5

EPSS 0.0022

EPSS Percentile 12.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (15)

linux/Kernel 5.11.0 - 5.15.19linux

linux/Kernel 5.16.0 - 5.16.5linux

linux/Kernel 5.9.0 - 5.10.96linux

Linux/Linux < 5.9

Linux/Linux 5.10.96 - 5.10.*

Linux/Linux 5.15.19 - 5.15.*

Linux/Linux 5.16.5 - 5.16.*

Linux/Linux 5.17

Linux/Linux 5.9

Linux/Linux fa28dcb82a38f8e3993b0fae9106b1a80b59e4f0 - 0bcd484587b3b3092e448d27dc369e347e1810c3

... and 5 more

Published Jun 20, 2024

Tracked Since Feb 18, 2026