vulnerability

Debian: CVE-2022-49832: linux -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	May 1, 2025	May 5, 2025	Mar 30, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

May 1, 2025

Added

May 5, 2025

Modified

Mar 30, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map

Here is the BUG report by KASAN about null pointer dereference:

BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50
Read of size 1 at addr 0000000000000000 by task python3/2640
Call Trace:
strcmp
__of_find_property
of_find_property
pinctrl_dt_to_map

kasprintf() would return NULL pointer when kmalloc() fail to allocate.
So directly return ENOMEM, if kasprintf() return NULL pointer.

Solution

debian-upgrade-linux

References

CVE-2022-49832
https://attackerkb.com/topics/CVE-2022-49832
CWE-476
EUVD-EUVD-2025-12943
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-12943

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report