CVE-2022-48749 – This CVE describes a NULL pointer dereference v... (How to Fix)

Q: What is the severity of CVE-2022-48749?

CVE-2022-48749 has a CVSS score of 5.5 (MEDIUM). This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's MSM DPU display driver. An attacker could potentially cause a kernel panic or system crash by triggering this vulnerability. This affects systems running vulnerable Linux kernel versions with the MSM DPU driver enabled.

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's MSM DPU display driver. An attacker could potentially cause a kernel panic or system crash by triggering this vulnerability. This affects systems running vulnerable Linux kernel versions with the MSM DPU driver enabled.

💻 Affected Systems

Products:

Linux kernel with MSM DPU driver

Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if the MSM DPU driver is enabled and compiled into the kernel. This driver is typically used on Qualcomm-based systems.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service (system crash), potentially allowing privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

Local denial of service through kernel panic or system instability.

🟢

If Mitigated

Minimal impact if system has proper access controls and the vulnerability cannot be triggered by unprivileged users.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access to trigger.

🏢 Internal Only: MEDIUM - Could be exploited by malicious local users or through compromised applications to cause system instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to trigger the vulnerable function. No public exploit code has been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 170b22234d5495f5e0844246e23f004639ee89ba, 1ebc18836d5df09061657f8c548e594cbb519476, 8f069f6dde518dfebe86e848508c07e497bd9298, 93a6e920d8ccb4df846c03b6e72f7e08843d294c

Vendor Advisory: https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Rebuild kernel if compiling from source. 3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable MSM DPU driver

linux

Remove or disable the vulnerable driver module if not required

modprobe -r msm_dpu
echo 'blacklist msm_dpu' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

Restrict local user access to systems with vulnerable kernels
Implement strict application sandboxing to limit potential exploitation vectors

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if MSM DPU driver is loaded: 'uname -r' and 'lsmod | grep msm_dpu'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and contains the fix commits: 'uname -r' and check kernel changelog

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages in /var/log/kern.log or dmesg
System crash/reboot events

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "NULL pointer dereference" OR "Oops")

📊 Metadata

CVE ID: CVE-2022-48749

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: June 20, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-48749, you might also want to check these: