What is CVE-2022-48660?

CVE-2022-48660 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2022-48660 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-48660?

CVE-2022-48660 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2022-48660?

No patch is currently available for CVE-2022-48660. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2022-48660 actively exploited?

CVE-2022-48660 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-48660

Medium

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully When running gpio test on nxp-ls1028 platform with below command gpiomon --num-events=3 --rising-edge gpiochip1 25 There will be a warning trace as below: Call trace: free_irq+0x204/0x360 lineevent_free+0x64/0x70 gpio_ioctl+0x598/0x6a0 __arm64_sys_ioctl+0xb4/0x100 invoke_syscall+0x5c/0x130 ...... el0t_64_sync+0x1a0/0x1a4 The reason of this issue is that calling request_threaded_irq() function failed, and then lineevent_free() is invoked to release the resource. Since the lineevent_state::irq was already set, so the subsequent invocation of free_irq() would trigger the above warning call trace. To fix this issue, set the lineevent_state::irq after the IRQ register successfully.

Package Linux Kernel

Published 2024-04-28

Last modified 2024-11-21

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2022-48660 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/657803b918e097e47d99d1489da83a603c36bcdd
Patch
Kernel patch commit
https://git.kernel.org/stable/c/69bef19d6b9700e96285f4b4e28691cda3dcd0d1
Patch
Kernel patch commit
https://git.kernel.org/stable/c/97da736cd11ae73bdf2f5e21e24446b8349e0168
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2022-48660

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-04-28

Modified 2024-11-21

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2022-48660?

CVE-2022-48660 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2022-48660 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2022-48660?

CVE-2022-48660 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2022-48660?

No patch is currently available for CVE-2022-48660. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2022-48660 actively exploited?

No — CVE-2022-48660 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.