{
  "threat_severity" : "Moderate",
  "public_date" : "2024-08-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: iwlwifi: mvm: check debugfs_dir ptr before use",
    "id" : "2307171",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2307171"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\niwlwifi: mvm: check debugfs_dir ptr before use\nWhen \"debugfs=off\" is used on the kernel command line, iwlwifi's\nmvm module uses an invalid/unchecked debugfs_dir pointer and causes\na BUG:\nBUG: kernel NULL pointer dereference, address: 000000000000004f\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP\nCPU: 1 PID: 503 Comm: modprobe Tainted: G        W         5.17.0-rc5 #7\nHardware name: Dell Inc. Inspiron 15 5510/076F7Y, BIOS 2.4.1 11/05/2021\nRIP: 0010:iwl_mvm_dbgfs_register+0x692/0x700 [iwlmvm]\nCode: 69 a0 be 80 01 00 00 48 c7 c7 50 73 6a a0 e8 95 cf ee e0 48 8b 83 b0 1e 00 00 48 c7 c2 54 73 6a a0 be 64 00 00 00 48 8d 7d 8c <48> 8b 48 50 e8 15 22 07 e1 48 8b 43 28 48 8d 55 8c 48 c7 c7 5f 73\nRSP: 0018:ffffc90000a0ba68 EFLAGS: 00010246\nRAX: ffffffffffffffff RBX: ffff88817d6e3328 RCX: ffff88817d6e3328\nRDX: ffffffffa06a7354 RSI: 0000000000000064 RDI: ffffc90000a0ba6c\nRBP: ffffc90000a0bae0 R08: ffffffff824e4880 R09: ffffffffa069d620\nR10: ffffc90000a0ba00 R11: ffffffffffffffff R12: 0000000000000000\nR13: ffffc90000a0bb28 R14: ffff88817d6e3328 R15: ffff88817d6e3320\nFS:  00007f64dd92d740(0000) GS:ffff88847f640000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000000004f CR3: 000000016fc79001 CR4: 0000000000770ee0\nPKRU: 55555554\nCall Trace:\n<TASK>\n? iwl_mvm_mac_setup_register+0xbdc/0xda0 [iwlmvm]\niwl_mvm_start_post_nvm+0x71/0x100 [iwlmvm]\niwl_op_mode_mvm_start+0xab8/0xb30 [iwlmvm]\n_iwl_op_mode_start+0x6f/0xd0 [iwlwifi]\niwl_opmode_register+0x6a/0xe0 [iwlwifi]\n? 0xffffffffa0231000\niwl_mvm_init+0x35/0x1000 [iwlmvm]\n? 0xffffffffa0231000\ndo_one_initcall+0x5a/0x1b0\n? kmem_cache_alloc+0x1e5/0x2f0\n? do_init_module+0x1e/0x220\ndo_init_module+0x48/0x220\nload_module+0x2602/0x2bc0\n? __kernel_read+0x145/0x2e0\n? kernel_read_file+0x229/0x290\n__do_sys_finit_module+0xc5/0x130\n? __do_sys_finit_module+0xc5/0x130\n__x64_sys_finit_module+0x13/0x20\ndo_syscall_64+0x38/0x90\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f64dda564dd\nCode: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1b 29 0f 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffdba393f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f64dda564dd\nRDX: 0000000000000000 RSI: 00005575399e2ab2 RDI: 0000000000000001\nRBP: 000055753a91c5e0 R08: 0000000000000000 R09: 0000000000000002\nR10: 0000000000000001 R11: 0000000000000246 R12: 00005575399e2ab2\nR13: 000055753a91ceb0 R14: 0000000000000000 R15: 000055753a923018\n</TASK>\nModules linked in: btintel(+) btmtk bluetooth vfat snd_hda_codec_hdmi fat snd_hda_codec_realtek snd_hda_codec_generic iwlmvm(+) snd_sof_pci_intel_tgl mac80211 snd_sof_intel_hda_common soundwire_intel soundwire_generic_allocation soundwire_cadence soundwire_bus snd_sof_intel_hda snd_sof_pci snd_sof snd_sof_xtensa_dsp snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core btrfs snd_compress snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec raid6_pq iwlwifi snd_hda_core snd_pcm snd_timer snd soundcore cfg80211 intel_ish_ipc(+) thunderbolt rfkill intel_ishtp ucsi_acpi wmi i2c_hid_acpi i2c_hid evdev\nCR2: 000000000000004f\n---[ end trace 0000000000000000 ]---\nCheck the debugfs_dir pointer for an error before using it.\n[change to make both conditional]", "A denial of service vulnerability was found in the Linux kernel. When debugfs is set as off in the kernel command line, iwlwifi's mvm module uses an invalid/unchecked debugfs_dir pointer, resulting in disruption to availability." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7444",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-425.3.1.rt7.213.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7683",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-425.3.1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:7933",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9::nfv",
    "package" : "kernel-rt-0:5.14.0-162.6.1.rt21.168.el9_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-48918\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48918\nhttps://lore.kernel.org/linux-cve-announce/2024082217-CVE-2022-48918-9b85@gregkh/T" ],
  "name" : "CVE-2022-48918",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}