{"uuid": "8e19e01e-3d89-4c6b-9769-672b15afebc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48918", "type": "seen", "source": "https://t.me/cvedetector/3865", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-48918 - Dell Inspiron 15 5510 iwlwifi mvm NULL Pointer Dereference Bug\", \n  \"Content\": \"CVE ID : CVE-2022-48918 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \niwlwifi: mvm: check debugfs_dir ptr before use  \n  \nWhen \"debugfs=off\" is used on the kernel command line, iwiwifi's  \nmvm module uses an invalid/unchecked debugfs_dir pointer and causes  \na BUG:  \n  \n BUG: kernel NULL pointer dereference, address: 000000000000004f  \n #PF: supervisor read access in kernel mode  \n #PF: error_code(0x0000) - not-present page  \n PGD 0 P4D 0  \n Oops: 0000 [#1] PREEMPT SMP  \n CPU: 1 PID: 503 Comm: modprobe Tainted: G        W         5.17.0-rc5 #7  \n Hardware name: Dell Inc. Inspiron 15 5510/076F7Y, BIOS 2.4.1 11/05/2021  \n RIP: 0010:iwl_mvm_dbgfs_register+0x692/0x700 [iwlmvm]  \n Code: 69 a0 be 80 01 00 00 48 c7 c7 50 73 6a a0 e8 95 cf ee e0 48 8b 83 b0 1e 00 00 48 c7 c2 54 73 6a a0 be 64 00 00 00 48 8d 7d 8c  8b 48 50 e8 15 22 07 e1 48 8b 43 28 48 8d 55 8c 48 c7 c7 5f 73  \n RSP: 0018:ffffc90000a0ba68 EFLAGS: 00010246  \n RAX: ffffffffffffffff RBX: ffff88817d6e3328 RCX: ffff88817d6e3328  \n RDX: ffffffffa06a7354 RSI: 0000000000000064 RDI: ffffc90000a0ba6c  \n RBP: ffffc90000a0bae0 R08: ffffffff824e4880 R09: ffffffffa069d620  \n R10: ffffc90000a0ba00 R11: ffffffffffffffff R12: 0000000000000000  \n R13: ffffc90000a0bb28 R14: ffff88817d6e3328 R15: ffff88817d6e3320  \n FS:  00007f64dd92d740(0000) GS:ffff88847f640000(0000) knlGS:0000000000000000  \n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \n CR2: 000000000000004f CR3: 000000016fc79001 CR4: 0000000000770ee0  \n PKRU: 55555554  \n Call Trace:  \n    \n  ? iwl_mvm_mac_setup_register+0xbdc/0xda0 [iwlmvm]  \n  iwl_mvm_start_post_nvm+0x71/0x100 [iwlmvm]  \n  iwl_op_mode_mvm_start+0xab8/0xb30 [iwlmvm]  \n  _iwl_op_mode_start+0x6f/0xd0 [iwlwifi]  \n  iwl_opmode_register+0x6a/0xe0 [iwlwifi]  \n  ? 0xffffffffa0231000  \n  iwl_mvm_init+0x35/0x1000 [iwlmvm]  \n  ? 0xffffffffa0231000  \n  do_one_initcall+0x5a/0x1b0  \n  ? kmem_cache_alloc+0x1e5/0x2f0  \n  ? do_init_module+0x1e/0x220  \n  do_init_module+0x48/0x220  \n  load_module+0x2602/0x2bc0  \n  ? __kernel_read+0x145/0x2e0  \n  ? kernel_read_file+0x229/0x290  \n  __do_sys_finit_module+0xc5/0x130  \n  ? __do_sys_finit_module+0xc5/0x130  \n  __x64_sys_finit_module+0x13/0x20  \n  do_syscall_64+0x38/0x90  \n  entry_SYSCALL_64_after_hwframe+0x44/0xae  \n RIP: 0033:0x7f64dda564dd  \n Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05  3d 01 f0 ff ff 73 01 c3 48 8b 0d 1b 29 0f 00 f7 d8 64 89 01 48  \n RSP: 002b:00007ffdba393f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139  \n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f64dda564dd  \n RDX: 0000000000000000 RSI: 00005575399e2ab2 RDI: 0000000000000001  \n RBP: 000055753a91c5e0 R08: 0000000000000000 R09: 0000000000000002  \n R10: 0000000000000001 R11: 0000000000000246 R12: 00005575399e2ab2  \n R13: 000055753a91ceb0 R14: 0000000000000000 R15: 000055753a923018  \n    \n Modules linked in: btintel(+) btmtk bluetooth vfat snd_hda_codec_hdmi fat snd_hda_codec_realtek snd_hda_codec_generic iwlmvm(+) snd_sof_pci_intel_tgl mac80211 snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence soundwire_bus snd_sof_intel_hda snd_sof_pci snd_sof snd_sof_xtensa_dsp snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core btrfs snd_compress snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec raid6_pq iwlwifi snd_hda_core snd_pcm snd_timer snd soundcore cfg80211 intel_ish_ipc(+) thunderbolt rfkill intel_ishtp ucsi_acpi wmi i2c_hid_acpi i2c_hid evdev  \n CR2: 000000000000004f  \n ---[ end trace 0000000000000000 ]---  \n  \nCheck the debugfs_dir pointer for an error before using it.  \n  \n[change to make both conditional] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, tim[...]", "creation_timestamp": "2024-08-22T05:08:09.000000Z"}