VDB
CISA-2022-48636
CISA-2022-48636
PUBLISHED
CVSS 5.5 MEDIUM
Reported by Linux · Published April 28, 2024
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL. The pavgroup pointer is checked on the entrance of the function but without the lcu->lock being held. Therefore there is a race window between dasd_alias_get_start_dev() and _lcu_update() which sets pavgroup to NULL with the lcu->lock held. Fix by checking the pavgroup pointer with lcu->lock held.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 8e09f21574ea3028d5629e5de759e0b196c690c5, 8e09f21574ea3028d5629e5de759e0b196c690c5, 8e09f21574ea3028d5629e5de759e0b196c690c5 |
| Linux | Linux | 2.6.25, 0, 4.9.330 |
| linux | linux_kernel | 2.6.25, 2.6.25, 2.6.25 |
| Linux | Linux | 8e09f21574ea3028d5629e5de759e0b196c690c5, 8e09f21574ea3028d5629e5de759e0b196c690c5, 8e09f21574ea3028d5629e5de759e0b196c690c5 |
Timeline
- Apr 28, 2024 CVE Published
- May 4, 2025 CVE Updated