CVE-2022-48942: hwmon: Handle failure to register sensor with thermal zone correctly
In the Linux kernel, the following vulnerability has been resolved:
hwmon: Handle failure to register sensor with thermal zone correctly
If an attempt is made to a sensor with a thermal zone and it fails,
the call to devm_thermal_zone_of_sensor_register() may return -ENODEV.
This may result in crashes similar to the following.
Unable to handle kernel NULL pointer dereference at virtual address 00000000000003cd
...
Internal error: Oops: 96000021 [#1] PREEMPT SMP
...
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : mutex_lock+0x18/0x60
lr : thermal_zone_device_update+0x40/0x2e0
sp : ffff800014c4fc60
x29: ffff800014c4fc60 x28: ffff365ee3f6e000 x27: ffffdde218426790
x26: ffff365ee3f6e000 x25: 0000000000000000 x24: ffff365ee3f6e000
x23: ffffdde218426870 x22: ffff365ee3f6e000 x21: 00000000000003cd
x20: ffff365ee8bf3308 x19: ffffffffffffffed x18: 0000000000000000
x17: ffffdde21842689c x16: ffffdde1cb7a0b7c x15: 0000000000000040
x14: ffffdde21a4889a0 x13: 0000000000000228 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000001120000 x7 : 0000000000000001 x6 : 0000000000000000
x5 : 0068000878e20f07 x4 : 0000000000000000 x3 : 00000000000003cd
x2 : ffff365ee3f6e000 x1 : 0000000000000000 x0 : 00000000000003cd
Call trace:
mutex_lock+0x18/0x60
hwmon_notify_event+0xfc/0x110
0xffffdde1cb7a0a90
0xffffdde1cb7a0b7c
irq_thread_fn+0x2c/0xa0
irq_thread+0x134/0x240
kthread+0x178/0x190
ret_from_fork+0x10/0x20
Code: d503201f d503201f d2800001 aa0103e4 (c8e47c02)
Jon Hunter reports that the exact call sequence is:
hwmon_notify_event()
--> hwmon_thermal_notify()
--> thermal_zone_device_update()
--> update_temperature()
--> mutex_lock()
The hwmon core needs to handle all errors returned from calls
to devm_thermal_zone_of_sensor_register(). If the call fails
with -ENODEV, report that the sensor was not attached to a
thermal zone but continue to register the hwmon device.
Security readout for executives and security teams
Plain-English summary
This Linux kernel bug can crash a system when a hardware sensor fails to attach to a thermal zone. The public record shows an availability issue in kernel hardware monitoring, not evidence of remote compromise or data theft.
Executive priority
Handle through normal kernel patch governance, with higher urgency for appliances, embedded systems, or production hosts where unexpected reboot or crash creates operational impact.
Technical view
The hwmon core did not correctly handle failures from devm_thermal_zone_of_sensor_register(), including -ENODEV. A later hwmon notification path could call thermal_zone_device_update() and reach mutex_lock() with an invalid pointer, causing a kernel NULL pointer dereference crash.
Likely exposure
Exposure is most likely on Linux systems using affected kernel builds with hwmon sensors tied to thermal zones. The source bundle does not prove every Linux host is affected; hardware, driver, and kernel configuration determine practical exposure.
Exploitation context
The source bundle says this is not in KEV and provides no evidence of active exploitation. The available evidence supports a crash scenario during sensor thermal-zone handling, with impact framed as system stability and availability.
Researcher notes
The record lacks CVSS, CWE, and exploit evidence. Analysis should stay bounded to the documented hwmon thermal registration failure and crash path. Validate against vendor kernels because stable fixes may be backported without matching upstream version numbers.
Mitigation direction
Apply Linux kernel vendor updates containing the referenced stable fixes.
Prioritize systems with hwmon sensors, thermal zones, or embedded hardware monitoring dependencies.
Check distribution advisories for backported fixes before relying on version strings alone.
If immediate patching is impossible, request vendor guidance for platform-specific risk reduction.
Validation and detection
Inventory Linux kernel versions and vendor patch levels across affected platforms.
Review kernel or distribution changelogs for CVE-2022-48942 or the referenced commits.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-48942 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.