CVE-2022-49308

Severity: Medium · CVSS 3.1: 5.5 · EPSS: 18.5%
Published Feb 26, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

extcon: Modify extcon device to be created after driver data is set

Currently, someone can invoke the sysfs such as state_show() intermittently before dev_set_drvdata() is done. And it can be a cause of kernel Oops because edev is NULL at that time. So modified the driver registration to after setting driver data.

- Oops's backtrace.

Backtrace:
  [<c067865c>] (state_show) from [<c05222e8>] (dev_attr_show)
  [<c05222c0>] (dev_attr_show) from [<c02c66e0>] (sysfs_kf_seq_show)
  [<c02c6648>] (sysfs_kf_seq_show) from [<c02c496c>] (kernfs_seq_show)
  [<c02c4938>] (kernfs_seq_show) from [<c025e2a0>] (seq_read)
  [<c025e11c>] (seq_read) from [<c02c50a0>] (kernfs_fop_read)
  [<c02c5064>] (kernfs_fop_read) from [<c0231cac>] (__vfs_read)
  [<c0231c5c>] (__vfs_read) from [<c0231ee0>] (vfs_read)
  [<c0231e34>] (vfs_read) from [<c0232464>] (ksys_read)
  [<c02323f0>] (ksys_read) from [<c02324fc>] (sys_read)
  [<c02324e4>] (sys_read) from [<c00091d0>] (__sys_trace_return)
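The ordering problem described above, as an added userspace C model (not kernel code and not taken from the patch): a reader that arrives the moment the attribute is published sees a NULL driver-data pointer under the old order and valid data under the fixed order. All model_* names, racing_reader and demo_register are hypothetical, and the return value -1 stands for the point where the unfixed kernel would oops.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only; every name below is hypothetical, not kernel API. */
struct model_edev { unsigned int state; };
struct model_device {
    void *drvdata;                              /* set by dev_set_drvdata() in the kernel */
    void (*on_publish)(struct model_device *);  /* a reader arriving at publish time */
    int last_read;                              /* result of that reader's read */
};

/* Stands in for state_show(): bytes written, or -1 where the unfixed
 * kernel would dereference a NULL edev and oops. */
static int model_state_show(struct model_device *dev, char *buf, size_t len)
{
    struct model_edev *edev = dev->drvdata;
    if (edev == NULL) return -1;
    return snprintf(buf, len, "%u\n", edev->state);
}

/* Stands in for device registration: the sysfs file is readable from here on. */
static void model_publish(struct model_device *dev)
{
    if (dev->on_publish) dev->on_publish(dev);
}

static void racing_reader(struct model_device *dev)
{
    char buf[16];
    dev->last_read = model_state_show(dev, buf, sizeof buf);
}

/* drvdata_first = 0: order before the fix; 1: order after the fix. */
int demo_register(int drvdata_first)
{
    struct model_edev edev = { .state = 1 };
    struct model_device dev = { .on_publish = racing_reader };
    if (drvdata_first)
        dev.drvdata = &edev;   /* fixed: data is set before the file exists */
    model_publish(&dev);
    dev.drvdata = &edev;       /* unfixed: data is set only after publish */
    return dev.last_read;
}

int main(void)
{
    printf("publish first: %d, drvdata first: %d\n", demo_register(0), demo_register(1));
    return 0;
}
```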

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 18.5% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Affected Products 7

Vendor  Product       Version  Range
linux   linux_kernel  *        <4.14.283
linux   linux_kernel  *        ≥4.15 – <4.19.247
linux   linux_kernel  *        ≥4.20 – <5.4.198
linux   linux_kernel  *        ≥5.5 – <5.10.122
linux   linux_kernel  *        ≥5.11 – <5.15.47
linux   linux_kernel  *        ≥5.16 – <5.17.15
linux   linux_kernel  *        ≥5.18 – <5.18.4

References 8

  • git.kernel.org https://git.kernel.org/stable/c/033ec4e7e59ae5e1ef1e8c10bc6552926044ed1c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/35ff1ac55d301efb3f467cf5426faaeb3452994b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/368e68ad6da4317fc4170e8d92b51c13d1bfe7a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5dcc2afe716d69f5112ce035cb14f007461ff189
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6e721f3ad0535b24f19a62420f4da95212cf069c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/abf3b222614f49f98e606fccdd269161c0d70204
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cb81ea998c461868d1168411a867d8ffee12f23f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d472c78cc82999d07bd09193a6718016ce9cd386
    Patch
