{"uuid": "0f2ee6ce-fd3b-4ea5-8ff7-e527763495c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48908", "type": "seen", "source": "https://t.me/cvedetector/3869", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-48908 - \"Linux Arcnet com20020 Null Pointer Dereference Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2022-48908 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()  \n  \nDuring driver initialization, the pointer of card info, i.e. the  \nvariable 'ci' is required. However, the definition of  \n'com20020pci_id_table' reveals that this field is empty for some  \ndevices, which will cause null pointer dereference when initializing  \nthese devices.  \n  \nThe following log reveals it:  \n  \n[    3.973806] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]  \n[    3.973819] RIP: 0010:com20020pci_probe+0x18d/0x13e0 [com20020_pci]  \n[    3.975181] Call Trace:  \n[    3.976208]  local_pci_probe+0x13f/0x210  \n[    3.977248]  pci_device_probe+0x34c/0x6d0  \n[    3.977255]  ? pci_uevent+0x470/0x470  \n[    3.978265]  really_probe+0x24c/0x8d0  \n[    3.978273]  __driver_probe_device+0x1b3/0x280  \n[    3.979288]  driver_probe_device+0x50/0x370  \n  \nFix this by checking whether the 'ci' is a null pointer first. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T05:08:50.000000Z"}