#VU104622 NULL pointer dereference in Linux kernel - CVE-2022-49061


Vulnerability identifier: #VU104622

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49061

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the socfpga_dwmac_fix_mac_speed() function in drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c, and within the TSE_PCS_USE_SGMII_ENA BIT() and tse_pcs_fix_mac_speed() functions in drivers/net/ethernet/stmicro/stmmac/altr_tse_pcs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/08d5e3e954537931c8da7428034808d202e98299
https://git.kernel.org/stable/c/62a48383ebe2e159fd68425dd3e16d4c6bd6599a
https://git.kernel.org/stable/c/6c020f05253df04c3480b586fe188a3582740049
https://git.kernel.org/stable/c/7e59fdf9547c4f948d1d917ec7ffa5fb5ac53bdb
https://git.kernel.org/stable/c/a6aaa00324240967272b451bfa772547bd576ee6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

