CVE-2022-48824

scsi: myrs: Fix crash in error case

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: myrs: Fix crash in error case In myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fails with non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and crash the kernel. [ 1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A [ 1.105872] myrs 0000:00:03.0: Failed to initialize Controller [ 1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 1.110774] Call Trace: [ 1.110950] myrs_cleanup+0xe4/0x150 [myrs] [ 1.111135] myrs_probe.cold+0x91/0x56a [myrs] [ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs] [ 1.111500] local_pci_probe+0x48/0x90

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/5c5ceea00c8c9df150708e66cb9f2891192c1162 patch
https://git.kernel.org/stable/c/0e42c4a3d732517edc3766dd45a14e60d29dd929 patch
https://git.kernel.org/stable/c/6207f35c213f6cb2fc3f13b5e77f08c710e1de19 patch
https://git.kernel.org/stable/c/1d6cd26605b4d662063a83c15c776b5299a1cb23 patch
https://git.kernel.org/stable/c/4db09593af0b0b4d7d4805ebb3273df51d7cc30d patch

Frequently Asked Questions

What is the severity of CVE-2022-48824?
CVE-2022-48824 has been scored as a medium severity vulnerability.
How to fix CVE-2022-48824?
To fix CVE-2022-48824, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48824 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-48824 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48824?
CVE-2022-48824 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.