CVE-2022-49490 – A NULL pointer dereference vulnerability in the... (How to Fix)

Q: What is the severity of CVE-2022-49490?

CVE-2022-49490 has a CVSS score of 5.5 (MEDIUM). A NULL pointer dereference vulnerability in the Linux kernel's MSM DRM driver could cause kernel crashes or denial of service. This affects systems using Qualcomm Adreno GPUs with the msm DRM driver. Attackers with local access could trigger the vulnerability to crash the kernel.

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's MSM DRM driver could cause kernel crashes or denial of service. This affects systems using Qualcomm Adreno GPUs with the msm DRM driver. Attackers with local access could trigger the vulnerability to crash the kernel.

💻 Affected Systems

Products:

Linux kernel with MSM DRM driver (Qualcomm Adreno GPU support)

Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions with affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when using Qualcomm Adreno GPUs with the msm DRM driver enabled. Most desktop/server systems are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

Local denial of service through kernel crash, requiring system reboot to recover.

🟢

If Mitigated

Minimal impact with proper access controls preventing local attackers from accessing the vulnerable interface.

🌐 Internet-Facing: LOW - Requires local access to the system, not remotely exploitable.

🏢 Internal Only: MEDIUM - Local attackers or malicious users could crash the system, but requires specific hardware/driver configuration.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to trigger the specific DRM operations. No known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 04bef5f1ba8ea6d7c1c8f5f65e0395c62db59cb8 and later

Vendor Advisory: https://git.kernel.org/stable/c/04bef5f1ba8ea6d7c1c8f5f65e0395c62db59cb8

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable MSM DRM driver

linux

Remove or blacklist the msm DRM driver if not needed

echo 'blacklist msm' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u

🧯 If You Can't Patch

Restrict local user access to prevent untrusted users from running graphical applications
Implement strict access controls and monitor for abnormal system crashes

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if msm DRM driver is loaded: 'uname -r' and 'lsmod | grep msm'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and contains the fix commits: 'uname -r' and check kernel changelog

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages in /var/log/kern.log or dmesg
NULL pointer dereference errors in kernel logs

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "BUG: unable to handle kernel")

📊 Metadata

CVE ID: CVE-2022-49490

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.04% exploit probability (10.1th percentile)

Published: February 26, 2025

Last Updated: October 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49490, you might also want to check these: