Vulnerability Details : CVE-2022-49072
In the Linux kernel, the following vulnerability has been resolved:
gpio: Restrict usage of GPIO chip irq members before initialization
GPIO chip irq members are exposed before they could be completely
initialized and this leads to race conditions.
One such issue was observed for the gc->irq.domain variable which
was accessed through the I2C interface in gpiochip_to_irq() before
it could be initialized by gpiochip_add_irqchip(). This resulted in
Kernel NULL pointer dereference.
Following are the logs for reference :-
kernel: Call Trace:
kernel: gpiod_to_irq+0x53/0x70
kernel: acpi_dev_gpio_irq_get_by+0x113/0x1f0
kernel: i2c_acpi_get_irq+0xc0/0xd0
kernel: i2c_device_probe+0x28a/0x2a0
kernel: really_probe+0xf2/0x460
kernel: RIP: 0010:gpiochip_to_irq+0x47/0xc0
To avoid such scenarios, restrict usage of GPIO chip irq members before
they are completely initialized.
Vulnerability category: Memory Corruption
Products affected by CVE-2022-49072
Please log in to view affected product information.
Exploit prediction scoring system (EPSS) score for CVE-2022-49072
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 5 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-49072
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
N/A
|
N/A
|
RedHat-CVE-2022-49072 | 2025-02-27 |
References for CVE-2022-49072
-
https://git.kernel.org/stable/c/f8dea54f74cae8c2e4d7b2952e8fed7743a85c87
-
https://git.kernel.org/stable/c/0912cf021fb5749372b3782611d8b1de4986c13a
-
https://git.kernel.org/stable/c/5467801f1fcbdc46bc7298a84dbf3ca1ff2a7320
-
https://git.kernel.org/stable/c/7e88a50704b0c49ad3f2d11e8b963341cf68a89f
-
https://git.kernel.org/stable/c/2c1fa3614795e2b24da1ba95de0b27b8f6ea4537
Jump to