CVE-2022-48952

PCI: mt7621: Add sentinel to quirks table

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: mt7621: Add sentinel to quirks table Current driver is missing a sentinel in the struct soc_device_attribute array, which causes an oops when assessed by the soc_device_match(mt7621_pcie_quirks_match) call. This was only exposed once the CONFIG_SOC_MT7621 mt7621 soc_dev_attr was fixed to register the SOC as a device, in: commit 7c18b64bba3b ("mips: ralink: mt7621: do not use kzalloc too early") Fix it by adding the required sentinel.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/3e9c395ef2d52975b2c2894d2da09d6db2958bc6 patch
https://git.kernel.org/stable/c/cb7323ece786f243f6d6ccf2e5b2b27b736bdc04 patch
https://git.kernel.org/stable/c/a4997bae1b5b012c8a6e2643e26578a7bc2cae36 patch
https://git.kernel.org/stable/c/19098934f910b4d47cb30251dd39ffa57bef9523 patch

Frequently Asked Questions

What is the severity of CVE-2022-48952?
CVE-2022-48952 has been scored as a medium severity vulnerability.
How to fix CVE-2022-48952?
To fix CVE-2022-48952, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48952 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-48952 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48952?
CVE-2022-48952 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.