Login Sign Up

CVE-2022-48710

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's Radeon graphics driver. If exploited, it could cause a kernel panic leading to system crash or denial of service. Systems using affected Radeon graphics hardware with vulnerable kernel versions are at risk.

💻 Affected Systems

Products:
  • Linux kernel with Radeon DRM driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Radeon graphics hardware and when the Radeon DRM driver is loaded/used.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, potential denial of service, and in rare cases could be leveraged for privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

System crash or kernel panic when specific graphics operations are performed, resulting in denial of service.

🟢

If Mitigated

System remains stable as the NULL check prevents the dereference; no impact on system functionality.

🌐 Internet-Facing: LOW - This requires local access or ability to execute code on the system; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the vulnerability, potentially causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger specific graphics operations; not trivial to exploit remotely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits (e.g., stable releases after the fix)

Vendor Advisory: https://git.kernel.org/stable/c/140d9807b96e1303f6f2675a7ae8710a2094bd17

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable Radeon graphics driver

linux

Prevent loading of the vulnerable Radeon DRM driver

echo 'blacklist radeon' >> /etc/modprobe.d/blacklist-radeon.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Restrict local user access to systems with Radeon graphics
  • Monitor system logs for kernel panic events related to graphics operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if Radeon driver is loaded: uname -r && lsmod | grep radeon

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check dmesg for no NULL pointer dereference errors related to radeon

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference errors in dmesg
  • radeon driver crash logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "kernel panic") AND "radeon"

📊 Metadata

CVE ID: CVE-2022-48710
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
Published: May 21, 2024
Last Updated: December 31, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-48710, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2019-20914 9.8

This vulnerability in GNU LibreDWG is a NULL pointer dereference that can cause application crashes ...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)