CVE-2022-48952: 
Linux Debian vulnerability analysis and mitigation

CVE-2022-48952 is a vulnerability in the Linux kernel affecting the PCI driver for MT7621 devices. The issue was discovered in the struct soc_device_attribute array implementation, which lacked a required sentinel value. This vulnerability affects Linux kernel versions from 5.4.17 up to 5.15.86, from 5.16 up to 6.0.15, and versions 6.1 and 6.1.1 (NVD).

The vulnerability stems from a missing sentinel in the struct soc_device_attribute array, which causes a system crash (oops) when accessed by the soc_device_match(mt7621_pcie_quirks_match) call. The issue was exposed after the CONFIG_SOC_MT7621 mt7621 soc_dev_attr was modified to register the SOC as a device. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability results in a system crash (oops) when the affected code path is triggered, leading to a denial of service condition. The CVSS scoring indicates high impact on availability but no impact on confidentiality or integrity (NVD).

The vulnerability has been fixed by adding the required sentinel to the struct soc_device_attribute array. The fix was implemented through a patch that adds a sentinel entry to the mt7621_pcie_quirks_match array (Kernel Patch).