CVE-2022-48952

In the Linux kernel, the following vulnerability has been resolved:

PCI: mt7621: Add sentinel to quirks table

Current driver is missing a sentinel in the struct soc_device_attribute
array, which causes an oops when assessed by the
soc_device_match(mt7621_pcie_quirks_match) call.

This was only exposed once the CONFIG_SOC_MT7621 mt7621 soc_dev_attr
was fixed to register the SOC as a device, in:

commit 7c18b64bba3b ("mips: ralink: mt7621: do not use kzalloc too early")

Fix it by adding the required sentinel.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
linuxlinux_kernel
5.4.17 ≤
𝑥
< 5.15.86
linuxlinux_kernel
5.16 ≤
𝑥
< 6.0.15
linuxlinux_kernel
6.1
linuxlinux_kernel
6.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
trixie
6.11.5-1
fixed
sid
6.11.6-1
fixed
References
https://git.kernel.org/stable/c/19098934f910b4d47cb30251dd39ffa57bef9523
https://git.kernel.org/stable/c/3e9c395ef2d52975b2c2894d2da09d6db2958bc6
https://git.kernel.org/stable/c/a4997bae1b5b012c8a6e2643e26578a7bc2cae36
https://git.kernel.org/stable/c/cb7323ece786f243f6d6ccf2e5b2b27b736bdc04