CVE-2022-49046
📋 TL;DR
This CVE is a null pointer dereference vulnerability in the Linux kernel's i2c device subsystem. If dev_set_name() fails during i2c device creation, subsequent access to the device name could cause a kernel panic or system crash. This affects systems using i2c devices with the vulnerable kernel versions.
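The failure mode described above, as a small userspace C model added here (not kernel code and not the upstream patch): a name setter that can fail, followed by a step that reads the name. `struct model_dev`, `model_set_name`, `model_register`, the `alloc_fails` knob and the `i2c-%d` name format are assumptions for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only: every name below is hypothetical, not kernel code. */
struct model_dev { const char *name; char store[16]; };
static int alloc_fails; /* knob: simulate the name allocation failing */

/* Stands in for dev_set_name(): on failure the name stays NULL. */
static int model_set_name(struct model_dev *d, int nr)
{
    if (alloc_fails)
        return -ENOMEM;
    snprintf(d->store, sizeof(d->store), "i2c-%d", nr);
    d->name = d->store;
    return 0;
}

/* Stands in for the later step that reads the name. */
static size_t model_register(const struct model_dev *d)
{
    return strlen(d->name); /* NULL name: crash here (an oops in-kernel) */
}

/* Unchecked shape: the error is dropped and the name is used anyway. */
int attach_unchecked(struct model_dev *d, int nr, size_t *len)
{
    model_set_name(d, nr);
    *len = model_register(d);
    return 0;
}

/* Checked shape: the error is returned before anything reads the name. */
int attach_checked(struct model_dev *d, int nr, size_t *len)
{
    int res = model_set_name(d, nr);
    if (res)
        return res;
    *len = model_register(d);
    return 0;
}

int main(void)
{
    struct model_dev d = { 0 };
    size_t len = 0;
    alloc_fails = 1; /* only the checked path is safe to run here */
    printf("checked attach returned %d\n", attach_checked(&d, 1, &len));
    return 0;
}
```

With `alloc_fails` set, `attach_checked()` returns `-ENOMEM` and never touches the name, while `attach_unchecked()` would pass a NULL name to `strlen()`.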
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical access to reboot the system.
Likely Case
System crash or kernel panic when creating i2c devices under specific error conditions, causing temporary denial of service.
If Mitigated
Minimal impact as this requires specific error conditions during i2c device creation and is not easily triggerable remotely.
🎯 Exploit Status
Exploitation requires specific conditions where dev_set_name() fails, making reliable exploitation difficult. Requires local access or ability to create i2c devices.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits: 2e539b17d4cbe5fb8b5152dd9a6e4a8828f97db2, 2f345bb14ad4744950499ff222e2899209297afa, 993eb48fa199b5f476df8204e652eff63dd19361, c74d77a2d07744147d734138acd6ce9dba715e5d
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For Debian systems, apply security updates via apt.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable i2c device creation
Prevent creation of new i2c devices to avoid triggering the vulnerability
echo 'blacklist i2c-dev' > /etc/modprobe.d/disable-i2c-dev.conf
rmmod i2c-dev
🧯 If You Can't Patch
- Restrict i2c device creation to trusted users only
- Monitor system logs for kernel panic events and i2c device creation failures
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with affected versions. Check if i2c-dev module is loaded: lsmod | grep i2c_dev
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits. Check dmesg for i2c-related errors after attempting i2c operations.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference in kernel logs
- i2c device creation failure logs
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR ("i2c" AND "dev_set_name"))
🔗 References
- https://git.kernel.org/stable/c/2e539b17d4cbe5fb8b5152dd9a6e4a8828f97db2
- https://git.kernel.org/stable/c/2f345bb14ad4744950499ff222e2899209297afa
- https://git.kernel.org/stable/c/993eb48fa199b5f476df8204e652eff63dd19361
- https://git.kernel.org/stable/c/c74d77a2d07744147d734138acd6ce9dba715e5d
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html