{"vulnerability": "CVE-2022-48865", "sightings": [{"uuid": "317213eb-edc5-4d51-90f7-1688c37f0c81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48865", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "eb2e7d56-114f-4e02-abc2-c8f04801a6e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48865", "type": "seen", "source": "https://t.me/cvedetector/953", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-48865 - Linux Kernel TIPC Null Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-48865 \nPublished : July 16, 2024, 1:15 p.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ntipc: fix kernel panic when enabling bearer  \n  \nWhen enabling a bearer on a node, a kernel panic is observed:  \n  \n[    4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc]  \n...  \n[    4.520030] Call Trace:  \n[    4.520689]    \n[    4.521236]  tipc_link_build_proto_msg+0x375/0x750 [tipc]  \n[    4.522654]  tipc_link_build_state_msg+0x48/0xc0 [tipc]  \n[    4.524034]  __tipc_node_link_up+0xd7/0x290 [tipc]  \n[    4.525292]  tipc_rcv+0x5da/0x730 [tipc]  \n[    4.526346]  ? __netif_receive_skb_core+0xb7/0xfc0  \n[    4.527601]  tipc_l2_rcv_msg+0x5e/0x90 [tipc]  \n[    4.528737]  __netif_receive_skb_list_core+0x20b/0x260  \n[    4.530068]  netif_receive_skb_list_internal+0x1bf/0x2e0  \n[    4.531450]  ? dev_gro_receive+0x4c2/0x680  \n[    4.532512]  napi_complete_done+0x6f/0x180  \n[    4.533570]  virtnet_poll+0x29c/0x42e [virtio_net]  \n...  
\n  \nThe node in question is receiving activate messages in another  \nthread after changing bearer status to allow message sending/  \nreceiving in current thread:  \n  \n         thread 1           |              thread 2  \n         --------           |              --------  \n                            |  \ntipc_enable_bearer()        |  \n  test_and_set_bit_lock()   |  \n    tipc_bearer_xmit_skb()  |  \n                            | tipc_l2_rcv_msg()  \n                            |   tipc_rcv()  \n                            |     __tipc_node_link_up()  \n                            |       tipc_link_build_state_msg()  \n                            |         tipc_link_build_proto_msg()  \n                            |           tipc_mon_prep()  \n                            |           {  \n                            |             ...  \n                            |             // null-pointer dereference  \n                            |             u16 gen = mon->dom_gen;  \n                            |             ...  \n                            |           }  \n  // Not being executed yet |  \n  tipc_mon_create()         |  \n  {                         |  \n    ...                     |  \n    // allocate             |  \n    mon = kzalloc();        |  \n    ...                     |  \n  }                         |  \n  \nMonitoring pointer in thread 2 is dereferenced before monitoring data  \nis allocated in thread 1. This causes kernel panic.  \n  \nThis commit fixes it by allocating the monitoring data before enabling  \nthe bearer to receive messages. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T16:16:50.000000Z"}]}