CVE-2022-49392
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's 8250_aspeed_vuart driver. If platform_get_resource() fails and returns NULL, the driver could crash the kernel, causing a denial of service. This affects Linux systems using the Aspeed VUART driver, particularly those with Aspeed-based hardware like BMCs.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote power cycle to recover.
Likely Case
System crash or instability during driver initialization, causing temporary denial of service until reboot.
If Mitigated
Minimal impact if system is not using the vulnerable driver or has proper monitoring/reboot capabilities.
🎯 Exploit Status
Exploitation requires specific hardware configuration and driver loading conditions. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 0e0fd55719fa081de6f9e5d9e6cef48efb04d34a, 90a6b6fc52bfdcfe9698454bf5bea26112abbcd1, 923d34ce069e8e51a4d003caa6b66a8cd6ecd0ed, d5f1275f101e0e8a172d300d897f5a12e87e3485
Vendor Advisory: https://git.kernel.org/stable/c/0e0fd55719fa081de6f9e5d9e6cef48efb04d34a
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable Aspeed VUART driver
linuxPrevent loading of the vulnerable driver module
echo 'blacklist 8250_aspeed_vuart' >> /etc/modprobe.d/blacklist.conf
rmmod 8250_aspeed_vuart
🧯 If You Can't Patch
- Ensure systems don't use Aspeed-based hardware requiring this driver
- Implement monitoring for kernel panics and have reboot procedures ready
🔍 How to Verify
Check if Vulnerable:
Check if 8250_aspeed_vuart module is loaded: lsmod | grep 8250_aspeed_vuartCheck Version:
uname -rVerify Fix Applied:
Check kernel version against distribution's patched versions and verify module not loaded or updated📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in kernel logs
- System crash/reboot events
Network Indicators:
- Sudden loss of connectivity to affected system
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "8250_aspeed_vuart")