SB20250226464 - NULL pointer dereference in Linux kernel powerpc mm
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226464
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2022-49214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the NOKPROBE_SYMBOL() function in arch/powerpc/mm/fault.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/093449bb182db885dae816d62874cccab7a4c42a
- https://git.kernel.org/stable/c/4a852ff9b7bea9c640540e2c1bc70bd3ba455d61
- https://git.kernel.org/stable/c/a3dae36d632b2cf6eb20314273e512a96cb43c9a
- https://git.kernel.org/stable/c/d4679ac8ea2e5078704aa1c026db36580cc1bf9a
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18