mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.0 KiB
1.0 KiB
CVE-2022-48703
Description
In the Linux kernel, the following vulnerability has been resolved:thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTRIn some case, the GDDV returns a package with a buffer which haszero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).Then the data_vault_read() got NULL point dereference problem whenaccessing the 0x10 value in data_vault.[ 71.024560] BUG: kernel NULL pointer dereference, address:0000000000000010This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR orNULL value in data_vault.
POC
Reference
No PoCs from references.