#VU104578 NULL pointer dereference in Linux kernel - CVE-2022-49459

Cybersecurity Help s.r.o.

Published: 2025-02-26 | Updated: 2025-05-11

Vulnerability identifier: #VU104578

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49459

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sr_thermal_probe() function in drivers/thermal/broadcom/sr-thermal.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.15, 5.15 rc1, 5.15 rc2, 5.15 rc3, 5.15 rc4, 5.15 rc5, 5.15 rc6, 5.15 rc7, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.15.6, 5.15.7, 5.15.8, 5.15.9, 5.15.10, 5.15.11, 5.15.12, 5.15.13, 5.15.14, 5.15.15, 5.15.16, 5.15.17, 5.15.18, 5.15.19, 5.15.20, 5.15.21, 5.15.22, 5.15.23, 5.15.24, 5.15.25, 5.15.26, 5.15.27, 5.15.28, 5.15.29, 5.15.30, 5.15.31, 5.15.32, 5.15.33, 5.15.34, 5.15.35, 5.15.36, 5.15.37, 5.15.38, 5.15.39, 5.15.40, 5.15.41, 5.15.42, 5.15.43, 5.15.44, 5.15.45

External links
https://git.kernel.org/stable/c/61621e042c22b47d1eadee617bdd26835294b425
https://git.kernel.org/stable/c/79098339ac2065f4b4352ef5921628970b6f47e6
https://git.kernel.org/stable/c/b3461ccaa5d2588568d865faee285512ad448049
https://git.kernel.org/stable/c/e20d136ec7d6f309989c447638365840d3424c8e
https://git.kernel.org/stable/c/ee9b6b02e8c140323ed46d6602d805ea735c7719
https://git.kernel.org/stable/c/ef1235c6514a58f274246cf4a2d5f4e40af539ce
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.46

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

NULL pointer dereference in Linux kernel thermal broadcom driver