CVE-2022-49758
📋 TL;DR
This vulnerability is a null pointer dereference in the Linux kernel's uniphier-glue reset driver. It occurs when platform_get_resource() returns NULL, causing resource_size() to dereference a null pointer. This affects Linux systems using the uniphier-glue reset driver, potentially causing kernel crashes or denial of service.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote reboot.
Likely Case
Kernel oops or system instability when the specific reset driver code path is triggered.
If Mitigated
Minor system disruption if kernel panic handlers recover gracefully, but still requires reboot.
🎯 Exploit Status
Exploitation requires triggering the specific driver code path, which may need hardware access or specific system conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 3a2390c6777e3f6662980c6cfc25cafe9e4fef98, 633bad3dc81ce2aa561f704ec091e49eb647bd0b, or 95de286200b2a046da01c4aeba02ae9220d68ca4 applied.
Vendor Advisory: https://git.kernel.org/stable/c/3a2390c6777e3f6662980c6cfc25cafe9e4fef98
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable uniphier-glue reset driver
linuxRemove or blacklist the vulnerable driver module if not required for system functionality.
echo 'blacklist uniphier-glue' >> /etc/modprobe.d/blacklist.conf
rmmod uniphier_glue_reset
🧯 If You Can't Patch
- Restrict local user access to prevent potential exploitation by malicious users.
- Implement kernel crash monitoring and automatic recovery mechanisms.
🔍 How to Verify
Check if Vulnerable:
Check if uniphier-glue driver is loaded: lsmod | grep uniphier_glue. Check kernel version against patched commits.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes one of the fix commits: git log --oneline | grep -E '3a2390c6777e|633bad3dc81c|95de286200b2'📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages in /var/log/kern.log or dmesg
- System crash/panic logs
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kern.log" AND "Oops" AND "uniphier" OR source="dmesg" AND "panic"