#VU104572 NULL pointer dereference in Linux kernel - CVE-2022-49435

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104572

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49435

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the davinci_vc_probe() function in drivers/mfd/davinci_voicecodec.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/2d00158a06efe6bbcd020108634ea0f2ed8b32f7
https://git.kernel.org/stable/c/311242c7703df0da14c206260b7e855f69cb0264
https://git.kernel.org/stable/c/49c1e32e7b3f301642a60448700ec531df981269
https://git.kernel.org/stable/c/5289795824b77489803b0802cd9edc13824a2d0b
https://git.kernel.org/stable/c/579944b9f38727d9ff570b58f83bc424e8af8398
https://git.kernel.org/stable/c/a1d4941d9a24999f680799f9bbde7f57351ca637

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

NULL pointer dereference in Linux kernel mfd driver