CVE-2022-48703 in Linux
Summary
by MITRE • 05/03/2024
In the Linux kernel, the following vulnerability has been resolved:
thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
In some cases, the GDDV returns a package with a buffer which has zero length. This causes kmemdup() to return ZERO_SIZE_PTR (0x10).
Then data_vault_read() hits a NULL pointer dereference problem when accessing the 0x10 value in data_vault.
[ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010
This patch uses ZERO_OR_NULL_PTR() to check for a ZERO_SIZE_PTR or NULL value in data_vault.
Analysis
by VulDB Data Team • 09/29/2025
The vulnerability CVE-2022-48703 resides within the Linux kernel's thermal management subsystem, specifically in the int340x_thermal driver responsible for handling thermal sensors in certain hardware platforms. This issue manifests when the Generic Device Driver (GDDV) component returns a data package containing a buffer with zero length, a scenario that occurs under specific thermal conditions or hardware states. The problem stems from the kernel's handling of memory allocation and pointer validation within the thermal subsystem, creating a critical pathway for potential system instability or exploitation.
The technical flaw occurs during the data_vault_read() function execution where the kmemdup() function returns a ZERO_SIZE_PTR value of 0x10 instead of a proper NULL pointer when encountering zero-length buffers. This particular value represents a special kernel macro indicating an invalid memory allocation attempt rather than a genuine NULL reference. The driver fails to properly distinguish between a legitimate NULL pointer and this ZERO_SIZE_PTR value, leading to a kernel NULL pointer dereference when the code attempts to access memory at address 0x10. This dereference results in a kernel panic and system crash, as evidenced by the kernel log showing "BUG: kernel NULL pointer dereference, address: 0000000000000010".
The operational impact of this vulnerability extends beyond simple system crashes, as it can be exploited to cause denial of service attacks against Linux systems running affected kernel versions. Attackers could potentially trigger this condition through malformed thermal sensor data or by manipulating the hardware state to force the GDDV to return zero-length buffers, leading to system instability and potential data loss. The vulnerability affects systems using the int340x_thermal driver, which is commonly found in laptops and mobile devices with Intel processors and specific thermal management hardware configurations. This issue represents a classic case of inadequate pointer validation and memory handling, falling under CWE-476 which addresses NULL pointer dereference vulnerabilities.
The patch implemented to resolve this vulnerability introduces the ZERO_OR_NULL_PTR() macro check, which properly handles both NULL and ZERO_SIZE_PTR conditions in the data_vault_read() function. This approach aligns with established kernel security practices and follows the principle of defensive programming by ensuring all pointer values are validated before use. The fix demonstrates the importance of proper error handling in kernel space code where memory allocation failures can lead to critical system instability. This vulnerability also relates to ATT&CK technique T1499.001 which covers network denial of service, as the vulnerability can be leveraged to cause system crashes and availability issues in affected systems. The resolution reinforces kernel security best practices by ensuring proper handling of edge cases in memory management operations and demonstrates the critical need for robust pointer validation in system-level software components.
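The difference between a plain NULL test and the ZERO_OR_NULL_PTR() check described above, as an added user-space example (not the kernel patch or the driver's own code). The two macros are modelled on include/linux/slab.h; model_kmemdup(), the two check helpers and model_vault_read() are hypothetical names used only for illustration.

```c
/* Added example: user-space model of the ZERO_SIZE_PTR case. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Modelled on include/linux/slab.h, using uintptr_t for user space. */
#define ZERO_SIZE_PTR ((void *)16)   /* 0x10, the address in the oops */
#define ZERO_OR_NULL_PTR(x) ((uintptr_t)(x) <= (uintptr_t)ZERO_SIZE_PTR)

/* Hypothetical stand-in for kmemdup(): zero length yields ZERO_SIZE_PTR. */
static void *model_kmemdup(const void *src, size_t len)
{
    void *p;
    if (len == 0)
        return ZERO_SIZE_PTR;
    p = malloc(len);
    if (p)
        memcpy(p, src, len);
    return p;                        /* NULL only on allocation failure */
}

/* A plain NULL test lets 0x10 through as if it were a usable buffer. */
static int null_check_accepts(const void *vault)
{
    return vault != NULL;
}

/* ZERO_OR_NULL_PTR() rejects both NULL and ZERO_SIZE_PTR. */
static int zero_or_null_check_accepts(const void *vault)
{
    return !ZERO_OR_NULL_PTR(vault);
}

/* Guarded read: bytes copied, or -1 when the vault must not be touched. */
static long model_vault_read(const void *vault, size_t len, char *out, size_t cap)
{
    if (ZERO_OR_NULL_PTR(vault))
        return -1;
    if (len > cap)
        len = cap;
    memcpy(out, vault, len);
    return (long)len;
}

int main(void)
{
    char out[8];
    void *v = model_kmemdup("", 0);  /* constructed zero-length buffer */
    printf("vault=%p null_check=%d fix_check=%d read=%ld\n", v,
           null_check_accepts(v), zero_or_null_check_accepts(v),
           model_vault_read(v, 0, out, sizeof out));
    return 0;
}
```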