CVE-2022-49756 – A null pointer dereference vulnerability in the... (How to Fix)

Q: What is the severity of CVE-2022-49756?

CVE-2022-49756 has a CVSS score of 5.5 (MEDIUM). A null pointer dereference vulnerability in the Linux kernel's Sunplus USB PHY driver could allow local attackers to cause a kernel panic (system crash) or potentially execute arbitrary code. This affects Linux systems with the sp_usb_phy driver loaded, typically on devices using Sunplus USB PHY hardware. Attackers need local access to exploit this vulnerability.

📋 TL;DR

A null pointer dereference vulnerability in the Linux kernel's Sunplus USB PHY driver could allow local attackers to cause a kernel panic (system crash) or potentially execute arbitrary code. This affects Linux systems with the sp_usb_phy driver loaded, typically on devices using Sunplus USB PHY hardware. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions with the vulnerable sp_usb_phy driver before the fix commits

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if the sp_usb_phy driver is loaded (requires Sunplus USB PHY hardware). Most standard Linux installations won't have this driver loaded by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service, or potential privilege escalation to kernel-level code execution if combined with other vulnerabilities.

🟠

Likely Case

Local denial of service through kernel panic/crash when the driver fails to properly handle resource allocation failures.

🟢

If Mitigated

No impact if the driver isn't loaded or the system is patched.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely exploitable.

🏢 Internal Only: MEDIUM - Local attackers or malicious users could crash the system, but requires driver to be loaded and specific hardware.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to trigger the driver probe function with specific conditions. No public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits 17eee264ef386ef30a69dd70e36f29893b85c170 and d838b5c99bcecd593b4710a93fce8fdbf122395b

Vendor Advisory: https://git.kernel.org/stable/c/17eee264ef386ef30a69dd70e36f29893b85c170

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix commits. 2. Reboot the system. 3. Verify the driver is no longer vulnerable.

🔧 Temporary Workarounds

Disable sp_usb_phy driver

linux

Prevent loading of the vulnerable driver if not needed

echo 'blacklist sp_usb_phy' > /etc/modprobe.d/blacklist-sp_usb_phy.conf
rmmod sp_usb_phy

🧯 If You Can't Patch

Ensure the sp_usb_phy driver is not loaded (check with lsmod)
Restrict local user access to systems with this driver loaded

🔍 How to Verify

Check if Vulnerable:

Check if sp_usb_phy driver is loaded: lsmod | grep sp_usb_phy. If loaded and kernel version is before fix commits, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits or verify sp_usb_phy driver is not loaded/crashing.

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
NULL pointer dereference in kernel logs
sp_usb_phy driver crash logs

Network Indicators:

None - local vulnerability only

SIEM Query:

kernel: *NULL pointer dereference* OR kernel: *sp_usb_phy* AND (panic OR oops)

📊 Metadata

CVE ID: CVE-2022-49756

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.07% exploit probability (22.2th percentile)

Published: March 27, 2025

Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49756, you might also want to check these: