CVE-2022-49472
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's Micrel PHY driver allows local attackers to cause a kernel panic (denial of service) by triggering specific conditions during device probing. This affects systems using affected Linux kernel versions with Micrel PHY hardware. The vulnerability requires local access to the system.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting critical services.
Likely Case
System crash requiring reboot, causing temporary service disruption.
If Mitigated
Minimal impact with proper access controls preventing local attackers from triggering the vulnerability.
🎯 Exploit Status
Requires local access and ability to trigger specific PHY device probing conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 143878e18001c5a61fcc7ae5c5240323753bb641, 1e5fbfc2a6f384e3195446c14bbd3bc298eb88c2, 660dfa033ccc9afb032015b6dc76e846bba42cfb, 7dcb404662839a4ed1a9703658fee979eb894ca4, 91e720b32cba25fa58eaa4c88fe957009cffe9f3
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repository. 2. Rebuild kernel if using custom kernel. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Restrict local access
linuxLimit local user access to systems with Micrel PHY hardware
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized local users from accessing systems
- Monitor for kernel panic events and implement redundancy for critical services
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if Micrel PHY driver is loaded: lsmod | grep phy_micrelCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated beyond patched commits and check dmesg for kernel stability📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in dmesg or system logs
- NULL pointer dereference errors in kernel logs
Network Indicators:
- Sudden loss of network connectivity on affected interfaces
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "Oops")🔗 References
- https://git.kernel.org/stable/c/143878e18001c5a61fcc7ae5c5240323753bb641
- https://git.kernel.org/stable/c/1e5fbfc2a6f384e3195446c14bbd3bc298eb88c2
- https://git.kernel.org/stable/c/660dfa033ccc9afb032015b6dc76e846bba42cfb
- https://git.kernel.org/stable/c/7dcb404662839a4ed1a9703658fee979eb894ca4
- https://git.kernel.org/stable/c/91e720b32cba25fa58eaa4c88fe957009cffe9f3
- https://git.kernel.org/stable/c/abb5594ae2ba7b82cce85917cc6337ec5d774837
- https://git.kernel.org/stable/c/bd219273b4e004a3f853da72e111fc8f81357501
- https://git.kernel.org/stable/c/f2ef6f7539c68c6bd6c32323d8845ee102b7c450
