CVE-2022-49475 – This CVE describes a null pointer dereference v... (How to Fix)

Q: What is the severity of CVE-2022-49475?

CVE-2022-49475 has a CVSS score of 5.5 (MEDIUM). This CVE describes a null pointer dereference vulnerability in the Linux kernel's SPI-FSL-QSPI driver. If exploited, it could cause a kernel panic leading to denial of service. Systems using affected Linux kernel versions with the Freescale QSPI controller driver are vulnerable.

📋 TL;DR

This CVE describes a null pointer dereference vulnerability in the Linux kernel's SPI-FSL-QSPI driver. If exploited, it could cause a kernel panic leading to denial of service. Systems using affected Linux kernel versions with the Freescale QSPI controller driver are vulnerable.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific kernel versions containing the vulnerable code; exact range depends on distribution backports

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if the system uses the SPI-FSL-QSPI driver (typically found on Freescale/NXP PowerPC and ARM platforms with QSPI hardware). Most general-purpose systems are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially requiring physical access to restart the system.

🟠

Likely Case

System crash or instability when the vulnerable driver code path is triggered, resulting in temporary denial of service.

🟢

If Mitigated

Minimal impact if system doesn't use the affected SPI-FSL-QSPI driver or has proper kernel hardening protections.

🌐 Internet-Facing: LOW - This is a local kernel driver vulnerability requiring local access or ability to trigger the specific driver functionality.

🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the vulnerability to cause denial of service on affected systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering the specific driver code path, which typically requires local access and specific hardware/driver usage patterns.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel commits: 10f537219629769498ecb8515e096be213224c24, 33dda87d04598ac5d9a849218a373443f7d3de66, 560dcbe1c7a78f597f2167371ebdbe2bca3d0735, 9d9c84825c3ec359b165c762a424cfdefe87fdd7, a2b331ac11e1cac56f5b7d367e9f3c5796deaaed

Vendor Advisory: https://git.kernel.org/stable/c/10f537219629769498ecb8515e096be213224c24

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your Linux distribution vendor. 2. Reboot the system to load the new kernel. 3. Verify the fix is applied by checking kernel version or driver behavior.

🔧 Temporary Workarounds

Disable SPI-FSL-QSPI driver

linux

If the QSPI hardware is not needed, blacklist or disable the vulnerable driver module

echo 'blacklist spi-fsl-qspi' >> /etc/modprobe.d/blacklist.conf
rmmod spi-fsl-qspi

🧯 If You Can't Patch

Restrict local user access to systems using the vulnerable driver
Implement kernel hardening features like KASLR and stack protection to reduce exploit impact

🔍 How to Verify

Check if Vulnerable:

Check if the spi-fsl-qspi module is loaded: lsmod | grep spi-fsl-qspi

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions from your distribution vendor

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages in /var/log/kern.log or dmesg
NULL pointer dereference errors in kernel logs

Network Indicators:

None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "spi-fsl-qspi")

📊 Metadata

CVE ID: CVE-2022-49475

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.09% exploit probability (25.6th percentile)

Published: February 26, 2025

Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49475, you might also want to check these: