
CVE-2022-49070: Vulnerability in Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 01:54:36 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

fbdev: Fix unregistering of framebuffers without device

OF framebuffers do not have an underlying device in the Linux device hierarchy. Do a regular unregister call instead of hot unplugging such a non-existing device. Fixes a NULL dereference. An example error message on ppc64le is shown below.

    BUG: Kernel NULL pointer dereference on read at 0x00000060
    Faulting instruction address: 0xc00000000080dfa4
    Oops: Kernel access of bad area, sig: 11 [#1]
    LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
    [...]
    CPU: 2 PID: 139 Comm: systemd-udevd Not tainted 5.17.0-ae085d7f9365 #1
    NIP: c00000000080dfa4 LR: c00000000080df9c CTR: c000000000797430
    REGS: c000000004132fe0 TRAP: 0300 Not tainted (5.17.0-ae085d7f9365)
    MSR: 8000000002009033 <SF,VEC,EE,ME,IR,DR,RI,LE> CR: 28228282 XER: 20000000
    CFAR: c00000000000c80c DAR: 0000000000000060 DSISR: 40000000 IRQMASK: 0
    GPR00: c00000000080df9c c000000004133280 c00000000169d200 0000000000000029
    GPR04: 00000000ffffefff c000000004132f90 c000000004132f88 0000000000000000
    GPR08: c0000000015658f8 c0000000015cd200 c0000000014f57d0 0000000048228283
    GPR12: 0000000000000000 c00000003fffe300 0000000020000000 0000000000000000
    GPR16: 0000000000000000 0000000113fc4a40 0000000000000005 0000000113fcfb80
    GPR20: 000001000f7283b0 0000000000000000 c000000000e4a588 c000000000e4a5b0
    GPR24: 0000000000000001 00000000000a0000 c008000000db0168 c0000000021f6ec0
    GPR28: c0000000016d65a8 c000000004b36460 0000000000000000 c0000000016d64b0
    NIP [c00000000080dfa4] do_remove_conflicting_framebuffers+0x184/0x1d0
    [c000000004133280] [c00000000080df9c] do_remove_conflicting_framebuffers+0x17c/0x1d0 (unreliable)
    [c000000004133350] [c00000000080e4d0] remove_conflicting_framebuffers+0x60/0x150
    [c0000000041333a0] [c00000000080e6f4] remove_conflicting_pci_framebuffers+0x134/0x1b0
    [c000000004133450] [c008000000e70438] drm_aperture_remove_conflicting_pci_framebuffers+0x90/0x100 [drm]
    [c000000004133490] [c008000000da0ce4] bochs_pci_probe+0x6c/0xa64 [bochs]
    [...]
    [c000000004133db0] [c00000000002aaa0] system_call_exception+0x170/0x2d0
    [c000000004133e10] [c00000000000c3cc] system_call_common+0xec/0x250

The bug [1] was introduced by commit 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal"). Most firmware framebuffers have an underlying platform device, which can be hot-unplugged before loading the native graphics driver. OF framebuffers do not (yet) have that device. Fix the code by unregistering the framebuffer as before without a hot unplug.

Tested with 5.17 on qemu ppc64le emulation.

AI-Powered Analysis

Last updated: 07/01/2025, 01:55:41 UTC

Technical Analysis

CVE-2022-49070 is a vulnerability in the framebuffer device (fbdev) subsystem of the Linux kernel. It arises from improper handling of framebuffers that have no underlying device in the Linux device hierarchy, specifically Open Firmware (OF) framebuffers. During framebuffer unregistration the kernel attempts to hot-unplug a non-existent device, which leads to a NULL pointer dereference and a kernel crash (kernel oops). The bug was introduced by a commit that implemented hot-unplugging of firmware framebuffer devices on forced removal. OF framebuffers lack an associated platform device, so the hot-unplug logic is inappropriate for them. The fix reverts to a regular unregister call for such framebuffers instead of hot-unplugging, which prevents the NULL dereference. The vulnerability manifests as a kernel panic or crash, which can disrupt system availability. The fix was tested with Linux kernel version 5.17 on the ppc64le architecture under QEMU emulation. The vulnerability does not appear to have known exploits in the wild and does not have an assigned CVSS score. The root cause is a logic error in the device management code for framebuffer removal, which produces a denial-of-service condition through kernel crashes when certain framebuffers are unregistered improperly.

Potential Impact

For European organizations running Linux systems, especially those utilizing the affected kernel versions or custom kernels derived from them, this vulnerability can cause system instability and denial of service due to kernel crashes. Systems using OF framebuffers or operating on architectures like ppc64le (common in some enterprise and embedded environments) are particularly at risk. The impact is primarily on availability, as the kernel NULL pointer dereference leads to a crash, potentially causing service interruptions. This can affect servers, embedded devices, or specialized hardware running Linux kernels with the vulnerable framebuffer handling code. While confidentiality and integrity are not directly impacted, the availability disruption can affect critical infrastructure, industrial control systems, or data centers relying on Linux. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or targeted triggering of the bug, especially during device removal or driver updates. Organizations with high availability requirements or those using Linux in embedded or specialized hardware contexts should be aware of this risk.

Mitigation Recommendations

1. Apply the official Linux kernel patches that fix this vulnerability as soon as they become available from trusted sources or Linux distributions.
2. For organizations using custom or embedded Linux kernels, ensure the framebuffer unregistration code is updated to avoid hot-unplug calls on OF framebuffers.
3. Monitor kernel updates and security advisories from Linux vendors and distributions to promptly incorporate fixes.
4. Implement robust system monitoring to detect kernel crashes or oops events related to framebuffer operations, enabling rapid response and system recovery.
5. Where possible, avoid forced removal or hot-unplugging of framebuffer devices on affected systems until patched.
6. Test kernel updates in controlled environments, especially on ppc64le or other affected architectures, to validate stability before production deployment.
7. Consider architectural mitigations such as isolating critical services on separate hardware or virtual machines to limit impact of kernel crashes.
8. Maintain regular backups and disaster recovery plans to minimize downtime caused by unexpected kernel panics.
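
One way to implement the crash monitoring in recommendation 4, as an added example (not code from the advisory or the kernel project): a Python scan of kernel log text for NULL-dereference oops reports whose faulting function is on the framebuffer removal path shown in the description. The first sample report reuses lines from that oops; the timestamps, the second report and the name `example_driver_probe` are constructed, and the x86 `RIP:` handling goes beyond the ppc64le case on the page.

```python
import re
# Functions on the removal path, from the call trace quoted in the description.
FBDEV_REMOVAL_SYMS = {
    "do_remove_conflicting_framebuffers",
    "remove_conflicting_framebuffers",
    "remove_conflicting_pci_framebuffers",
}
OOPS_START = re.compile(
    r"kernel NULL pointer dereference.*?((?:0x)?[0-9a-f]{8,})", re.I)
CPU_LINE = re.compile(r"CPU: \d+ PID: \d+ Comm: (\S+) .*? (\d+\.\d+\.\S+)")
# Faulting frame: "NIP [addr] sym+0x.." on powerpc, "RIP: 0010:sym+0x.." on x86.
FAULT_FRAME = re.compile(r"\b(?:NIP \[[0-9a-f]+\]|RIP: [0-9a-f]+:)\s*(\w+)\+0x")
TRACE_SYM = re.compile(r"\b([A-Za-z_]\w*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def find_fbdev_null_oops(log_text):
    """Return NULL-dereference oops reports that faulted in fbdev removal."""
    reports, cur = [], None
    for line in log_text.splitlines():
        if (m := OOPS_START.search(line)):      # a new oops report begins
            cur = {"address": m.group(1), "fault": None, "comm": None,
                   "kernel": None, "symbols": []}
            reports.append(cur)
            continue
        if cur is None:
            continue                            # not inside an oops yet
        if cur["comm"] is None and (m := CPU_LINE.search(line)):
            cur["comm"], cur["kernel"] = m.group(1), m.group(2)
        if cur["fault"] is None and (m := FAULT_FRAME.search(line)):
            cur["fault"] = m.group(1)
        cur["symbols"] += TRACE_SYM.findall(line)
    return [r for r in reports if r["fault"] in FBDEV_REMOVAL_SYMS]

# First report: lines from the oops quoted in the description (register dump
# omitted). The timestamps and the second, unrelated report are constructed.
SAMPLE_LOG = """\
[   14.20] BUG: Kernel NULL pointer dereference on read at 0x00000060
[   14.20] CPU: 2 PID: 139 Comm: systemd-udevd Not tainted 5.17.0-ae085d7f9365 #1
[   14.20] NIP [c00000000080dfa4] do_remove_conflicting_framebuffers+0x184/0x1d0
[   14.20] [c000000004133350] [c00000000080e4d0] remove_conflicting_framebuffers+0x60/0x150
[   14.20] [c0000000041333a0] [c00000000080e6f4] remove_conflicting_pci_framebuffers+0x134/0x1b0
[   14.20] [c000000004133490] [c008000000da0ce4] bochs_pci_probe+0x6c/0xa64 [bochs]
[   97.51] BUG: kernel NULL pointer dereference, address: 0000000000000010
[   97.51] CPU: 0 PID: 412 Comm: modprobe Not tainted 5.17.0-example #1
[   97.51] RIP: 0010:example_driver_probe+0x2a/0x90
"""

if __name__ == "__main__":
    for hit in find_fbdev_null_oops(SAMPLE_LOG):
        print(hit["kernel"], hit["comm"], hit["fault"], hit["address"])
```

Feed it the text of `dmesg` or the kernel journal; the `kernel` field of each hit identifies the build that still needs the fix.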


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.244Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982fc4522896dcbe6a77

Added to database: 5/21/2025, 9:09:03 AM

Last enriched: 7/1/2025, 1:55:41 AM

Last updated: 8/17/2025, 7:53:02 PM
