Debian: CVE-2022-49692: linux -- security update

Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:C)
Published: Feb 27, 2025
Added: Feb 27, 2025
Modified: Mar 13, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net: phy: at803x: fix NULL pointer dereference on AR9331 PHY

Latest kernel will explode on the PHY interrupt config, since it depends
now on allocated priv. So, run probe to allocate priv to fix it.

ar9331_switch ethernet.1:10 lan0 (uninitialized): PHY [!ahb!ethernet@1a000000!mdio!switch@10:00] driver [Qualcomm Atheros AR9331 built-in PHY] (irq=13)
CPU 0 Unable to handle kernel paging request at virtual address 0000000a, epc == 8050e8a8, ra == 80504b34
...
Call Trace:
[] at803x_config_intr+0x5c/0xd0
[] phy_request_interrupt+0xa8/0xd0
[] phylink_bringup_phy+0x2d8/0x3ac
[] phylink_fwnode_phy_connect+0x118/0x130
[] dsa_slave_create+0x270/0x420
[] dsa_port_setup+0x12c/0x148
[] dsa_register_switch+0xaf0/0xcc0
[] mdio_probe+0x44/0x70
[] really_probe+0x200/0x424
[] __driver_probe_device+0x290/0x298
[] driver_probe_device+0x54/0xe4
[] __device_attach_driver+0xe4/0x130
[] bus_for_each_drv+0xb4/0xd8
[] __device_attach+0x104/0x1a4
[] bus_probe_device+0x48/0xc4
[] deferred_probe_work_func+0xf0/0x10c
[] process_one_work+0x314/0x4d4
[] worker_thread+0x2a4/0x354
[] kthread+0x134/0x13c
[] ret_from_kernel_thread+0x14/0x1c

The same issue would affect some other PHYs (QCA8081, QCA9561), so fix it
too.
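
A triage check for the crash signature quoted above, as an added example (not part of the advisory or the kernel patch): it splits kernel log text into oops records and flags those whose faulting frame is at803x_config_intr, reached via phy_request_interrupt, with a near-NULL fault address. The function names, the 0x1000 threshold and the second log record are assumptions constructed for illustration.

```python
import re

# Oops header as printed on the MIPS system in the advisory.
OOPS_RE = re.compile(
    r"Unable to handle kernel paging request at virtual address ([0-9a-f]+)")
# Call-trace frame. The address inside [<...>] is optional because the
# advisory's copy of the trace has it stripped to "[]".
FRAME_RE = re.compile(r"\[(?:<[0-9a-f]+>)?\]\s+([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_oopses(log_text):
    """Return one record per oops: fault address plus call-trace symbols."""
    oopses, cur = [], None
    for line in log_text.splitlines():
        head = OOPS_RE.search(line)
        if head:
            cur = {"fault_addr": int(head.group(1), 16), "frames": []}
            oopses.append(cur)
            continue
        frame = FRAME_RE.search(line)
        if cur is not None and frame:
            cur["frames"].append(frame.group(1))
        elif cur is not None and cur["frames"]:
            cur = None  # first non-frame line after the trace ends the record
    return oopses

def matches_at803x_null_priv(oops):
    """True when the record matches the crash described in this advisory."""
    frames = oops["frames"]
    return (bool(frames)
            and frames[0] == "at803x_config_intr"   # faulting function
            and "phy_request_interrupt" in frames   # reached during IRQ setup
            and oops["fault_addr"] < 0x1000)        # assumed: NULL + small offset

# First record: lines from the advisory. Second record: constructed
# unrelated crash to show the check does not fire on every oops.
SAMPLE_LOG = """\
CPU 0 Unable to handle kernel paging request at virtual address 0000000a, epc == 8050e8a8, ra == 80504b34
...
Call Trace:
[] at803x_config_intr+0x5c/0xd0
[] phy_request_interrupt+0xa8/0xd0
[] phylink_bringup_phy+0x2d8/0x3ac
CPU 0 Unable to handle kernel paging request at virtual address 00000004, epc == 80aaaaaa, ra == 80bbbbbb
Call Trace:
[<80aaaaaa>] example_other_irq+0x10/0x40
[<80bbbbbb>] phy_request_interrupt+0xa8/0xd0
"""

if __name__ == "__main__":
    for rec in parse_oopses(SAMPLE_LOG):
        print(hex(rec["fault_addr"]), rec["frames"][0], matches_at803x_null_priv(rec))
```
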

Solution

debian-upgrade-linux