CVE-2022-48843: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48843 is a vulnerability in the Linux kernel's DRM (Direct Rendering Manager) subsystem. The issue occurs in the VRR (Variable Refresh Rate) capable property handling of the DRM connector, where the VRR capable property is not attached by default to the connector and is only attached if VRR is supported. When a driver attempts to call the DRM core set property function without the property being attached, it causes a NULL pointer dereference (Kernel Commit).

The vulnerability exists in the drmconnectorsetvrrcapable_property function within the Linux kernel's DRM subsystem. The function attempts to set the VRR capable property without first checking if the property is attached to the connector. This can lead to a NULL pointer dereference when the property hasn't been attached. The issue has been assigned a CVSS 3 Severity Score of 5.5 (Medium) (Ubuntu Security).

If exploited, this vulnerability could cause a NULL pointer dereference in the Linux kernel's DRM subsystem, potentially leading to a system crash or denial of service condition when handling display connector properties (Ubuntu Security).

The vulnerability has been fixed in various Linux kernel versions. Ubuntu has released patches for affected versions: Linux 5.4.0-117.132 for focal (20.04 LTS), and multiple cloud kernel variants have also been updated. The fix involves adding a check to verify if the VRR capable property exists before attempting to set it (Ubuntu Security).