CVE-2022-49692

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/66fa352215e8455ba2e5f33793535795bd3e36ca", "name": "https://git.kernel.org/stable/c/66fa352215e8455ba2e5f33793535795bd3e36ca", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/9926de7315be3d606cc011a305ad9adb9e8e14c9", "name": "https://git.kernel.org/stable/c/9926de7315be3d606cc011a305ad9adb9e8e14c9", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: at803x: fix NULL pointer dereference on AR9331 PHY\n\nLatest kernel will explode on the PHY interrupt config, since it depends\nnow on allocated priv. So, run probe to allocate priv to fix it.\n\n ar9331_switch ethernet.1:10 lan0 (uninitialized): PHY [!ahb!ethernet@1a000000!mdio!switch@10:00] driver [Qualcomm Atheros AR9331 built-in PHY] (irq=13)\n CPU 0 Unable to handle kernel paging request at virtual address 0000000a, epc == 8050e8a8, ra == 80504b34\n ...\n Call Trace:\n [<8050e8a8>] at803x_config_intr+0x5c/0xd0\n [<80504b34>] phy_request_interrupt+0xa8/0xd0\n [<8050289c>] phylink_bringup_phy+0x2d8/0x3ac\n [<80502b68>] phylink_fwnode_phy_connect+0x118/0x130\n [<8074d8ec>] dsa_slave_create+0x270/0x420\n [<80743b04>] dsa_port_setup+0x12c/0x148\n [<8074580c>] dsa_register_switch+0xaf0/0xcc0\n [<80511344>] ar9331_sw_probe+0x370/0x388\n [<8050cb78>] mdio_probe+0x44/0x70\n [<804df300>] really_probe+0x200/0x424\n [<804df7b4>] __driver_probe_device+0x290/0x298\n [<804df810>] driver_probe_device+0x54/0xe4\n [<804dfd50>] __device_attach_driver+0xe4/0x130\n [<804dcb00>] bus_for_each_drv+0xb4/0xd8\n [<804dfac4>] __device_attach+0x104/0x1a4\n [<804ddd24>] bus_probe_device+0x48/0xc4\n [<804deb44>] deferred_probe_work_func+0xf0/0x10c\n [<800a0ffc>] process_one_work+0x314/0x4d4\n [<800a17fc>] worker_thread+0x2a4/0x354\n [<800a9a54>] kthread+0x134/0x13c\n [<8006306c>] ret_from_kernel_thread+0x14/0x1c\n\nSame Issue would affect some other PHYs (QCA8081, QCA9561), so fix it\ntoo."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-476"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-49692", "ASSIGNER": "cve@kernel.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2025-02-26T07:01Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.18.8", "versionStartIncluding": "5.18"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-11T22:27Z"}