Login Sign Up

CVE-2022-49083

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's OMAP IOMMU driver allows local attackers to cause a kernel panic (denial of service). This affects Linux systems using OMAP IOMMU hardware, primarily ARM-based devices like embedded systems and IoT devices.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions between specific commits (after 6785eb9105e3 and before fixes in stable branches)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using OMAP IOMMU hardware (common in ARM-based embedded systems). Most x86 systems not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially requiring physical reboot.

🟠

Likely Case

System crash when IOMMU device probing occurs during boot or device initialization.

🟢

If Mitigated

No impact if system doesn't use OMAP IOMMU or vulnerability is patched.

🌐 Internet-Facing: LOW - Requires local access to trigger.
🏢 Internal Only: MEDIUM - Local attackers could crash systems, but requires specific hardware configuration.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Triggering requires local access and specific hardware configuration. No known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in stable kernel branches via commits: 1d89f2b9eadb, 47e239117bd9, 71ff461c3f41, bd905fed87ce, ea518578aa8a

Vendor Advisory: https://git.kernel.org/stable/c/1d89f2b9eadbcf3ce93c6d7238f68299a1f84968

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. For embedded systems: Rebuild kernel with patches from stable tree. 3. Reboot system after update.

🔧 Temporary Workarounds

Disable OMAP IOMMU

linux

If not needed, disable OMAP IOMMU support in kernel configuration

Rebuild kernel with CONFIG_OMAP_IOMMU=n

🧯 If You Can't Patch

  • Restrict local access to affected systems
  • Monitor for kernel panic events and system crashes

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if OMAP IOMMU is enabled: 'uname -r' and check kernel config for CONFIG_OMAP_IOMMU

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated beyond patched commits and system boots without IOMMU-related crashes

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference in dmesg
  • IOMMU probe failure logs

Network Indicators:

  • None - local vulnerability

SIEM Query:

Search for: 'kernel panic', 'NULL pointer dereference', 'omap_iommu' in system logs

📊 Metadata

CVE ID: CVE-2022-49083
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
EPSS Score: 0.04% exploit probability (10th percentile)
Published: February 26, 2025
Last Updated: September 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49083, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2019-20914 9.8

This vulnerability in GNU LibreDWG is a NULL pointer dereference that can cause application crashes ...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)