CVE-2022-48879

low-risk

Published 2024-08-21

In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in the unlikely event that EFI initialisation fails to avoid dereferencing a NULL pointer.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (6)

Patch https://git.kernel.org/stable/c/4ca71bc0e1995d15486cd7b60845602a28399cb5

Patch https://git.kernel.org/stable/c/585a0b2b3ae7903c6abee3087d09c69e955a7794

Patch https://git.kernel.org/stable/c/5fcf75a8a4c3e7ee9122d143684083c9faf20452

Patch https://git.kernel.org/stable/c/703c13fe3c9af557d312f5895ed6a5fda2711104

Patch https://git.kernel.org/stable/c/adc96d30f6503d30dc68670c013716f1d9fcc747

Patch https://git.kernel.org/stable/c/e2ea55564229e4bea1474af15b111b3a3043b76f

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal