Ubuntu: (CVE-2022-49187): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Feb 26, 2025 | Mar 19, 2025 | Sep 1, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
clk: Fix clk_hw_get_clk() when dev is NULL
Any registered clk_core structure can have a NULL pointer in its dev
field. While never actually documented, this is evidenced by the wide
usage of clk_register and clk_hw_register with a NULL device pointer,
and the fact that the core of_clk_hw_register() function also passes a
NULL device pointer.
A call to clk_hw_get_clk() on a clk_hw struct whose clk_core is in that
case will result in a NULL pointer dereference when it calls dev_name() on
that NULL device pointer.
Add a test for this case and use NULL as the dev_id if the device
pointer is NULL.
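
The pattern described above, as a simplified user-space model added here for illustration. It is not the kernel's code: every `model_*` name is a hypothetical stand-in, and `model_dev_name()` only mimics the fact that `dev_name()` dereferences its argument.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space stand-ins for the kernel structures (assumptions). */
struct model_device { const char *init_name; };
struct model_clk_core { struct model_device *dev; /* may legitimately be NULL */ };
struct model_clk_hw { struct model_clk_core *core; };
struct model_clk { const char *dev_id; const char *con_id; };

/* Mimics dev_name(): dereferences dev unconditionally. */
static const char *model_dev_name(const struct model_device *dev)
{
    return dev->init_name;
}

/* Pre-fix pattern: faults when the clock was registered with a NULL device. */
struct model_clk model_get_clk_unpatched(struct model_clk_hw *hw, const char *con_id)
{
    struct model_device *dev = hw->core->dev;
    struct model_clk clk = { model_dev_name(dev), con_id };
    return clk;
}

/* Post-fix pattern: test dev and use NULL as the dev_id when it is NULL. */
struct model_clk model_get_clk_patched(struct model_clk_hw *hw, const char *con_id)
{
    struct model_device *dev = hw->core->dev;
    struct model_clk clk = { dev ? model_dev_name(dev) : NULL, con_id };
    return clk;
}

int main(void)
{
    struct model_clk_core no_dev = { NULL };   /* constructed: NULL device pointer */
    struct model_clk_hw hw = { &no_dev };
    /* Only the patched variant is safe to call with a NULL device. */
    struct model_clk clk = model_get_clk_patched(&hw, "bus");

    printf("dev_id=%s con_id=%s\n", clk.dev_id ? clk.dev_id : "(null)", clk.con_id);
    return 0;
}
```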
Solutions
References
- CVE-2022-49187
- https://attackerkb.com/topics/CVE-2022-49187
- CWE-476
- URL-https://git.kernel.org/linus/0c1b56df451716ba207bbf59f303473643eee4fd
- URL-https://git.kernel.org/stable/c/0c1b56df451716ba207bbf59f303473643eee4fd
- URL-https://git.kernel.org/stable/c/23f89fe005b105f0dcc55034c13eb89f9b570fac
- URL-https://git.kernel.org/stable/c/4be3e4c05d8dd1b83b75652cad88c9e752ec7054
- URL-https://git.kernel.org/stable/c/d183f20cf5a7b546d4108e796b98210ceb317579
- URL-https://www.cve.org/CVERecord?id=CVE-2022-49187