{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T07:52:33.718","vulnerabilities":[{"cve":{"id":"CVE-2022-48953","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-10-21T20:15:06.700","lastModified":"2024-10-25T20:07:48.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: cmos: Fix event handler registration ordering issue\n\nBecause acpi_install_fixed_event_handler() enables the event\nautomatically on success, it is incorrect to call it before the\nhandler routine passed to it is ready to handle events.\n\nUnfortunately, the rtc-cmos driver does exactly the incorrect thing\nby calling cmos_wake_setup(), which passes rtc_handler() to\nacpi_install_fixed_event_handler(), before cmos_do_probe(), because\nrtc_handler() uses dev_get_drvdata() to get to the cmos object\npointer and the driver data pointer is only populated in\ncmos_do_probe().\n\nThis leads to a NULL pointer dereference in rtc_handler() on boot\nif the RTC fixed event happens to be active at the init time.\n\nTo address this issue, change the initialization ordering of the\ndriver so that cmos_wake_setup() is always called after a successful\ncmos_do_probe() call.\n\nWhile at it, change cmos_pnp_probe() to call cmos_do_probe() after\nthe initial if () statement used for computing the IRQ argument to\nbe passed to cmos_do_probe() which is cleaner than calling it in\neach branch of that if () (local variable \"irq\" can be of type int,\nbecause it is passed to that function as an argument of type int).\n\nNote that commit 6492fed7d8c9 (\"rtc: rtc-cmos: Do not check\nACPI_FADT_LOW_POWER_S0\") caused this issue to affect a larger number\nof systems, because previously it only affected systems with\nACPI_FADT_LOW_POWER_S0 set, but it is present regardless of that\ncommit."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rtc: cmos: Fix event handler registration ordering issue Debido a que acpi_install_fixed_event_handler() habilita el evento automáticamente en caso de éxito, es incorrecto llamarlo antes de que la rutina del controlador que se le pasa esté lista para manejar eventos. Desafortunadamente, el controlador rtc-cmos hace exactamente lo incorrecto al llamar a cmos_wake_setup(), que pasa rtc_handler() a acpi_install_fixed_event_handler(), antes de cmos_do_probe(), porque rtc_handler() usa dev_get_drvdata() para llegar al puntero del objeto cmos y el puntero de datos del controlador solo se completa en cmos_do_probe(). Esto conduce a una desreferencia de puntero NULL en rtc_handler() en el arranque si el evento RTC fixed está activo en el momento de inicialización. Para solucionar este problema, cambie el orden de inicialización del controlador de modo que cmos_wake_setup() siempre se llame después de una llamada a cmos_do_probe() exitosa. Mientras tanto, cambie cmos_pnp_probe() para llamar a cmos_do_probe() después de la declaración if () inicial utilizada para calcular el argumento IRQ que se pasará a cmos_do_probe(), lo que es más limpio que llamarlo en cada rama de ese if () (la variable local \"irq\" puede ser de tipo int, porque se pasa a esa función como un argumento de tipo int). Tenga en cuenta que el commit 6492fed7d8c9 (\"rtc: rtc-cmos: No marque ACPI_FADT_LOW_POWER_S0\") provocó que este problema afectara a una mayor cantidad de sistemas, porque anteriormente solo afectaba a los sistemas con ACPI_FADT_LOW_POWER_S0 configurado, pero está presente independientemente de esa confirmación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"5.10.163","matchCriteriaId":"D2853A0C-C4B1-4484-864A-7B42421570AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.86","matchCriteriaId":"47237296-55D1-4ED4-8075-D00FC85A61EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.0.14","matchCriteriaId":"8761B6C5-F658-46D1-92B8-4ED28F931D6A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*","matchCriteriaId":"E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*","matchCriteriaId":"17F0B248-42CF-4AE6-A469-BB1BAE7F4705"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*","matchCriteriaId":"E2422816-0C14-4B5E-A1E6-A9D776E5C49B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*","matchCriteriaId":"1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*","matchCriteriaId":"35B26BE4-43A6-4A36-A7F6-5B3F572D9186"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*","matchCriteriaId":"3FFFB0B3-930D-408A-91E2-BAE0C2715D80"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*","matchCriteriaId":"8535320E-A0DB-4277-800E-D0CE5BBA59E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*","matchCriteriaId":"21718AA4-4056-40F2-968E-BDAA465A7872"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0bcfccb48696aba475f046c2021f0733659ce0ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1ba745fce13d19775100eece30b0bfb8b8b10ea6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4919d3eb2ec0ee364f7e3cf2d99646c1b224fae8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/60c6e563a843032cf6ff84b2fb732cd8754fc10d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}