CVE-2022-49488

5.5 MEDIUM

📋 TL;DR

This vulnerability is a NULL pointer dereference in the Linux kernel's MSM DRM/MDP5 display driver. When a deadlock occurs while acquiring the modeset lock, the mdp5_mixer_release function fails to check for error codes, potentially leading to kernel crashes or denial of service. Systems using affected Linux kernel versions with MSM DRM/MDP5 display drivers are vulnerable.
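The missing check described above, modelled in userspace C next to the checked form. This is an added illustration, not the kernel's code: `get_global_state`, the struct layouts, `lock_contended` and the sample state are hypothetical, and `ERR_PTR`/`IS_ERR`/`PTR_ERR` are re-created here after the kernel helpers of the same names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace copies of the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p)
{
	return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

struct mixer_state { int owner; };
struct global_state { struct mixer_state hwmixer; };
static struct global_state the_state = { { 7 } }; /* constructed sample */

/* Hypothetical stand-in for the state lookup: returns an encoded
 * -EDEADLK when the (simulated) modeset lock cannot be acquired. */
static struct global_state *get_global_state(int lock_contended)
{
	return lock_contended ? ERR_PTR(-EDEADLK) : &the_state;
}

/* Unchecked form, shown for comparison and never called here: on the
 * -EDEADLK path gs is an error value, not a usable state pointer. */
void mixer_release_unchecked(int lock_contended)
{
	struct global_state *gs = get_global_state(lock_contended);
	gs->hwmixer.owner = 0;
}

/* Checked form: detect the error and propagate it to the caller. */
int mixer_release_checked(int lock_contended)
{
	struct global_state *gs = get_global_state(lock_contended);

	if (IS_ERR(gs))
		return (int)PTR_ERR(gs);
	gs->hwmixer.owner = 0;
	return 0;
}

int main(void)
{
	printf("contended:   %d\n", mixer_release_checked(1));
	printf("uncontended: %d\n", mixer_release_checked(0));
	return 0;
}
```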

💻 Affected Systems

Products:
  • Linux kernel with MSM DRM/MDP5 display driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Qualcomm MSM/MDP5 display hardware. Most desktop/server systems are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, potentially requiring physical access to restart the system.

🟠 Likely Case: System instability, display subsystem crashes, or application crashes when display operations encounter deadlock conditions.

🟢 If Mitigated: Minor performance impact from proper error handling with no security compromise.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger display subsystem operations.
🏢 Internal Only: MEDIUM - Local users or processes with display access could trigger the condition.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger specific display subsystem operations that cause deadlock conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 09bdeedc1fc53e64b8282e1de67752c69e43bdba or later

Vendor Advisory: https://patchwork.freedesktop.org/patch/485181/

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable MSM DRM/MDP5 driver (Linux)

Remove or blacklist the affected display driver if it is not needed:

echo 'blacklist msm' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u

🧯 If You Can't Patch

  • Restrict local user access to systems with affected hardware
  • Monitor system logs for kernel panic or display subsystem errors

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if MSM DRM driver is loaded: 'uname -r' and 'lsmod | grep msm'

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel version includes the fix commits, and check that dmesg shows no related errors.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference in dmesg
  • Display subsystem crash logs

Network Indicators:

  • None - local vulnerability

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "mdp5" OR "EDEADLK")
