#VU104543 NULL pointer dereference in Linux kernel - CVE-2022-49232

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104543

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49232

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_connector_add_common_modes() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/19a7eba284790cfbba2945deb2363cf03ce41648
https://git.kernel.org/stable/c/2c729dec8c1e3e2892fde5ce8181553860914e74
https://git.kernel.org/stable/c/57f4ad5e286fe4599c8fc63cf89f85f9eec7f9c9
https://git.kernel.org/stable/c/588a70177df3b1777484267584ef38ab2ca899a2
https://git.kernel.org/stable/c/639b3b9def0a6a3f316a195d705d14113236e89c
https://git.kernel.org/stable/c/bdc7429708a0772d90c208975694f7c2133b1202
https://git.kernel.org/stable/c/f4eaa999fec78dec2a9c2d797438e05cbffb125b

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

NULL pointer dereference in Linux kernel display amdgpu_dm driver