CVE-2022-49021

Q: What is the severity of CVE-2022-49021?

CVE-2022-49021 has a CVSS score of 5.5 (MEDIUM). This vulnerability is a NULL pointer dereference in the Linux kernel's PHY subsystem that occurs when a network PHY device probe fails. It allows local attackers to cause a kernel panic (denial of service) by triggering specific fault conditions during device initialization. Systems running affected Linux kernel versions with network PHY devices are vulnerable.

5.5 MEDIUM

Denial of Service

📋 TL;DR

This vulnerability is a NULL pointer dereference in the Linux kernel's PHY subsystem that occurs when a network PHY device probe fails. It allows local attackers to cause a kernel panic (denial of service) by triggering specific fault conditions during device initialization. Systems running affected Linux kernel versions with network PHY devices are vulnerable.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires network PHY devices and specific fault conditions during device probe. More likely in embedded systems or virtualized environments with PHY emulation.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.

🟠

Likely Case

Local denial of service through kernel panic when specific fault injection or hardware initialization failures occur.

🟢

If Mitigated

No impact if patched or if fault conditions aren't triggered during PHY device initialization.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger specific hardware initialization failures.

🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the vulnerability through fault injection or hardware manipulation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires local access and ability to trigger specific hardware initialization failures or fault injection conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 0744c7be4de564db03e24527b2e096b7e0e20972, 369eb2c9f1f72adbe91e0ea8efb130f0a2ba11a6, 3e21f85d87c836462bb52ef2078ea561260935c1, 51d7f6b20fae8bae64ad1136f1e30d1fd5ba78f7, 7730904f50c7187dd16c76949efb56b5fb55cd57

Vendor Advisory: https://git.kernel.org/stable/c/0744c7be4de564db03e24527b2e096b7e0e20972

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable fault injection

linux

Prevent fault injection mechanisms that could trigger the vulnerability

echo 0 > /sys/kernel/debug/fail*/probability

Restrict hardware access

linux

Limit access to PHY device initialization to privileged users only

chmod 600 /sys/class/net/*/phydev/*
setfacl -m u:root:rw /sys/class/net/*/phydev/*

🧯 If You Can't Patch

Restrict local user access to systems with network PHY devices
Implement strict privilege separation and limit access to hardware initialization interfaces

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if it contains the fix commits: uname -r and examine kernel source or distribution security advisories

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check that the fix commits are present in kernel source

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages with NULL pointer dereference at address 0000000000000058
BUG: kernel NULL pointer dereference in klist_put
PHY device probe failure messages

Network Indicators:

Sudden network interface disappearance after device initialization

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "klist_put" OR "PHY probe failed")

📊 Metadata

CVE ID: CVE-2022-49021

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: October 21, 2024

Last Updated: October 24, 2024

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable fault injection

Restrict hardware access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities