{"timestamp":"2024-10-22T13:21:22.806157Z","id":"CVE-2022-48953","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/rtc/rtc-cmos.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a474aaedac99ba86e28ef6c912a7647c482db6dd","lessThan":"0bcfccb48696aba475f046c2021f0733659ce0ef","versionType":"git","status":"affected"},{"version":"a474aaedac99ba86e28ef6c912a7647c482db6dd","lessThan":"60c6e563a843032cf6ff84b2fb732cd8754fc10d","versionType":"git","status":"affected"},{"version":"a474aaedac99ba86e28ef6c912a7647c482db6dd","lessThan":"1ba745fce13d19775100eece30b0bfb8b8b10ea6","versionType":"git","status":"affected"},{"version":"a474aaedac99ba86e28ef6c912a7647c482db6dd","lessThan":"4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/rtc/rtc-cmos.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.28","status":"affected"},{"version":"0","lessThan":"2.6.28","versionType":"semver","status":"unaffected"},{"version":"5.10.163","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.86","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.0.14","lessThanOrEqual":"6.0.*","versionType":"semver","status":"unaffected"},{"version":"6.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NIST CWE-476

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.28 up to (excluding) 5.10.163
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.86
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.0.14
     *cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*

https://git.kernel.org/stable/c/0bcfccb48696aba475f046c2021f0733659ce0ef No Types Assigned

https://git.kernel.org/stable/c/0bcfccb48696aba475f046c2021f0733659ce0ef Patch

https://git.kernel.org/stable/c/1ba745fce13d19775100eece30b0bfb8b8b10ea6 No Types Assigned

https://git.kernel.org/stable/c/1ba745fce13d19775100eece30b0bfb8b8b10ea6 Patch

https://git.kernel.org/stable/c/4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8 No Types Assigned

https://git.kernel.org/stable/c/4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8 Patch

https://git.kernel.org/stable/c/60c6e563a843032cf6ff84b2fb732cd8754fc10d No Types Assigned

https://git.kernel.org/stable/c/60c6e563a843032cf6ff84b2fb732cd8754fc10d Patch

In the Linux kernel, the following vulnerability has been resolved:

rtc: cmos: Fix event handler registration ordering issue

Because acpi_install_fixed_event_handler() enables the event
automatically on success, it is incorrect to call it before the
handler routine passed to it is ready to handle events.

Unfortunately, the rtc-cmos driver does exactly the incorrect thing
by calling cmos_wake_setup(), which passes rtc_handler() to
acpi_install_fixed_event_handler(), before cmos_do_probe(), because
rtc_handler() uses dev_get_drvdata() to get to the cmos object
pointer and the driver data pointer is only populated in
cmos_do_probe().

This leads to a NULL pointer dereference in rtc_handler() on boot
if the RTC fixed event happens to be active at the init time.

To address this issue, change the initialization ordering of the
driver so that cmos_wake_setup() is always called after a successful
cmos_do_probe() call.

While at it, change cmos_pnp_probe() to call cmos_do_probe() after
the initial if () statement used for computing the IRQ argument to
be passed to cmos_do_probe() which is cleaner than calling it in
each branch of that if () (local variable "irq" can be of type int,
because it is passed to that function as an argument of type int).

Note that commit 6492fed7d8c9 ("rtc: rtc-cmos: Do not check
ACPI_FADT_LOW_POWER_S0") caused this issue to affect a larger number
of systems, because previously it only affected systems with
ACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that
commit.

kernel.org https://git.kernel.org/stable/c/0bcfccb48696aba475f046c2021f0733659ce0ef [No types assigned]

kernel.org https://git.kernel.org/stable/c/1ba745fce13d19775100eece30b0bfb8b8b10ea6 [No types assigned]

kernel.org https://git.kernel.org/stable/c/4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8 [No types assigned]

kernel.org https://git.kernel.org/stable/c/60c6e563a843032cf6ff84b2fb732cd8754fc10d [No types assigned]