vulnerability
Debian: CVE-2022-49692: linux -- security update
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:L/Au:N/C:C/I:N/A:C) | Feb 27, 2025 | Feb 27, 2025 | Mar 13, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
net: phy: at803x: fix NULL pointer dereference on AR9331 PHY
Latest kernel will explode on the PHY interrupt config, since it depends
now on allocated priv. So, run probe to allocate priv to fix it.
ar9331_switch ethernet.1:10 lan0 (uninitialized): PHY [!ahb!ethernet@1a000000!mdio!switch@10:00] driver [Qualcomm Atheros AR9331 built-in PHY] (irq=13)
CPU 0 Unable to handle kernel paging request at virtual address 0000000a, epc == 8050e8a8, ra == 80504b34
...
Call Trace:
[] at803x_config_intr+0x5c/0xd0
[] phy_request_interrupt+0xa8/0xd0
[] phylink_bringup_phy+0x2d8/0x3ac
[] phylink_fwnode_phy_connect+0x118/0x130
[] dsa_slave_create+0x270/0x420
[] dsa_port_setup+0x12c/0x148
[] dsa_register_switch+0xaf0/0xcc0
[ [] mdio_probe+0x44/0x70
[] really_probe+0x200/0x424
[] __driver_probe_device+0x290/0x298
[] driver_probe_device+0x54/0xe4
[] __device_attach_driver+0xe4/0x130
[] bus_for_each_drv+0xb4/0xd8
[] __device_attach+0x104/0x1a4
[] bus_probe_device+0x48/0xc4
[] deferred_probe_work_func+0xf0/0x10c
[] process_one_work+0x314/0x4d4
[] worker_thread+0x2a4/0x354
[] kthread+0x134/0x13c
[] ret_from_kernel_thread+0x14/0x1c
Same Issue would affect some other PHYs (QCA8081, QCA9561), so fix it
too.
Solution

Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.