NULL pointer dereference in Linux kernel mfd driver



| Updated: 2025-05-11
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-49435
CWE-ID CWE-476
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU104572

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49435

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the davinci_vc_probe() function in drivers/mfd/davinci_voicecodec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.10 - 5.10.120

CPE2.3 External links

https://git.kernel.org/stable/c/2d00158a06efe6bbcd020108634ea0f2ed8b32f7
https://git.kernel.org/stable/c/311242c7703df0da14c206260b7e855f69cb0264
https://git.kernel.org/stable/c/49c1e32e7b3f301642a60448700ec531df981269
https://git.kernel.org/stable/c/5289795824b77489803b0802cd9edc13824a2d0b
https://git.kernel.org/stable/c/579944b9f38727d9ff570b58f83bc424e8af8398
https://git.kernel.org/stable/c/a1d4941d9a24999f680799f9bbde7f57351ca637
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.121


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###