CVE-2022-49424: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

iommu/mediatek: Fix NULL pointer dereference when printing dev_name

When larbdev is NULL (in the case I hit, the node is incorrectly set iommus = <&iommu NUM>), it will cause device_link_add() fail and kernel crashes when we try to print dev_name(larbdev).

Let's fail the probe if a larbdev is NULL to avoid invalid inputs from dts.

It should work for normal correct setting and avoid the crash caused by my incorrect setting.

Error log:
[ 18.189042][ T301] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050
...
[ 18.344519][ T301] pstate: a0400005 (NzCv daif +PAN -UAO)
[ 18.345213][ T301] pc : mtk_iommu_probe_device+0xf8/0x118 [mtk_iommu]
[ 18.346050][ T301] lr : mtk_iommu_probe_device+0xd0/0x118 [mtk_iommu]
[ 18.346884][ T301] sp : ffffffc00a5635e0
[ 18.347392][ T301] x29: ffffffc00a5635e0 x28: ffffffd44a46c1d8
[ 18.348156][ T301] x27: ffffff80c39a8000 x26: ffffffd44a80cc38
[ 18.348917][ T301] x25: 0000000000000000 x24: ffffffd44a80cc38
[ 18.349677][ T301] x23: ffffffd44e4da4c6 x22: ffffffd44a80cc38
[ 18.350438][ T301] x21: ffffff80cecd1880 x20: 0000000000000000
[ 18.351198][ T301] x19: ffffff80c439f010 x18: ffffffc00a50d0c0
[ 18.351959][ T301] x17: ffffffffffffffff x16: 0000000000000004
[ 18.352719][ T301] x15: 0000000000000004 x14: ffffffd44eb5d420
[ 18.353480][ T301] x13: 0000000000000ad2 x12: 0000000000000003
[ 18.354241][ T301] x11: 00000000fffffad2 x10: c0000000fffffad2
[ 18.355003][ T301] x9 : a0d288d8d7142d00 x8 : a0d288d8d7142d00
[ 18.355763][ T301] x7 : ffffffd44c2bc640 x6 : 0000000000000000
[ 18.356524][ T301] x5 : 0000000000000080 x4 : 0000000000000001
[ 18.357284][ T301] x3 : 0000000000000000 x2 : 0000000000000005
[ 18.358045][ T301] x1 : 0000000000000000 x0 : 0000000000000000
[ 18.360208][ T301] Hardware name: MT6873 (DT)
[ 18.360771][ T301] Call trace:
[ 18.361168][ T301] dump_backtrace+0xf8/0x1f0
[ 18.361737][ T301] dump_stack_lvl+0xa8/0x11c
[ 18.362305][ T301] dump_stack+0x1c/0x2c
[ 18.362816][ T301] mrdump_common_die+0x184/0x40c [mrdump]
[ 18.363575][ T301] ipanic_die+0x24/0x38 [mrdump]
[ 18.364230][ T301] atomic_notifier_call_chain+0x128/0x2b8
[ 18.364937][ T301] die+0x16c/0x568
[ 18.365394][ T301] __do_kernel_fault+0x1e8/0x214
[ 18.365402][ T301] do_page_fault+0xb8/0x678
[ 18.366934][ T301] do_translation_fault+0x48/0x64
[ 18.368645][ T301] do_mem_abort+0x68/0x148
[ 18.368652][ T301] el1_abort+0x40/0x64
[ 18.368660][ T301] el1h_64_sync_handler+0x54/0x88
[ 18.368668][ T301] el1h_64_sync+0x68/0x6c
[ 18.368673][ T301] mtk_iommu_probe_device+0xf8/0x118 [mtk_iommu]
...
AI Analysis
Technical Summary
CVE-2022-49424 is a vulnerability identified in the Linux kernel specifically within the MediaTek IOMMU (Input-Output Memory Management Unit) driver code. The issue arises from a NULL pointer dereference when the kernel attempts to print the device name (dev_name) of a larbdev device during the probing phase. The root cause is an invalid device tree setting where the larbdev pointer is NULL, causing device_link_add() to fail and subsequently leading to a kernel crash when dev_name is accessed. This vulnerability manifests as a denial-of-service condition due to a kernel panic triggered by the NULL pointer dereference. The problem occurs when the device tree source (DTS) incorrectly sets the IOMMU nodes, resulting in invalid inputs to the driver. The fix implemented involves failing the probe if larbdev is NULL, thereby preventing the kernel from dereferencing a NULL pointer and avoiding the crash. The vulnerability is specific to certain MediaTek hardware platforms using the affected Linux kernel versions, as indicated by the hardware name MT6873 in the logs. The crash stack trace shows the fault occurs in the mtk_iommu_probe_device function, confirming the issue is localized to the MediaTek IOMMU driver. There are no known exploits in the wild, and no CVSS score has been assigned yet. The vulnerability primarily impacts system stability and availability rather than confidentiality or integrity, as it causes kernel crashes under specific misconfiguration conditions rather than arbitrary code execution or privilege escalation.
Potential Impact
For European organizations, the impact of CVE-2022-49424 is primarily related to system availability and reliability, particularly for those using Linux-based systems on MediaTek hardware platforms. Organizations deploying embedded systems, IoT devices, or specialized hardware running affected Linux kernels with MediaTek IOMMU drivers may experience unexpected kernel panics and system crashes if device tree configurations are incorrect or maliciously altered. This could lead to service disruptions, downtime, and potential operational impacts in critical environments such as telecommunications, industrial control systems, or consumer electronics. However, since exploitation requires specific hardware and misconfiguration, the threat surface is relatively narrow. The vulnerability does not appear to allow remote code execution or privilege escalation, limiting its use in targeted attacks. Nonetheless, organizations relying on MediaTek-based Linux devices should consider the risk of stability issues and potential denial-of-service conditions, which could affect service continuity and maintenance costs.
Mitigation Recommendations
To mitigate CVE-2022-49424, European organizations should:
1) Ensure that Linux kernel versions are updated to include the patch that fails the probe when larbdev is NULL, thereby preventing kernel crashes.
2) Validate device tree configurations rigorously during development and deployment to avoid invalid IOMMU node settings that trigger the vulnerability.
3) Implement configuration management and automated testing to detect misconfigurations in device trees before production deployment.
4) For embedded and IoT devices using MediaTek hardware, coordinate with vendors to obtain firmware and kernel updates that address this issue.
5) Monitor kernel logs for signs of NULL pointer dereference crashes related to mtk_iommu_probe_device to detect potential misconfigurations or attempted exploitation.
6) Employ hardware and software inventory management to identify affected devices and prioritize patching efforts.
7) Consider network segmentation and access controls to limit exposure of vulnerable devices to untrusted networks, reducing the risk of accidental or malicious misconfiguration.
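Recommendation 5 can be automated with a small scanner over captured kernel logs. The following is an added example, not code from the advisory or the kernel patch: it pairs each NULL pointer dereference report with the pc line logged by the same task and flags only those that land in mtk_iommu_probe_device. The names find_probe_crashes and SAMPLE_LOG are hypothetical, and the T412 lines in the sample are constructed for contrast; the T301 lines are taken from the error log above.

```python
import re

# T301 lines come from the error log quoted in this advisory; the T412 lines
# are constructed (unrelated driver) to show that other oopses are not flagged.
SAMPLE_LOG = """\
[ 18.189042][ T301] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050
[ 18.344519][ T301] pstate: a0400005 (NzCv daif +PAN -UAO)
[ 18.345213][ T301] pc : mtk_iommu_probe_device+0xf8/0x118 [mtk_iommu]
[ 18.346050][ T301] lr : mtk_iommu_probe_device+0xd0/0x118 [mtk_iommu]
[ 18.360208][ T301] Hardware name: MT6873 (DT)
[ 20.000001][ T412] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[ 20.000002][ T412] pc : example_probe+0x10/0x40 [example_drv]
"""

# "[ <seconds>][ <task>] <message>" as printed with printk caller info enabled.
LINE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\[\s*(?P<task>\w+)\]\s(?P<msg>.*)$")
FAULT = re.compile(r"NULL pointer dereference at virtual address (?P<addr>[0-9a-f]+)")
PC = re.compile(r"^pc : (?P<sym>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?")
HW = re.compile(r"^Hardware name: (?P<hw>.+)$")


def find_probe_crashes(log, symbol="mtk_iommu_probe_device"):
    """Return one record per NULL-dereference oops whose pc is inside `symbol`."""
    open_faults = {}   # task id -> record for the oops currently being printed
    hits = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        task, msg = m["task"], m["msg"]
        fault = FAULT.search(msg)
        if fault:
            open_faults[task] = {"time": float(m["ts"]), "task": task,
                                 "fault_addr": int(fault["addr"], 16),
                                 "pc": None, "module": None, "hardware": None}
            continue
        rec = open_faults.get(task)
        if rec is None:
            continue   # line does not belong to a NULL-dereference report
        pc, hw = PC.match(msg), HW.match(msg)
        if pc and rec["pc"] is None:
            rec["pc"], rec["module"] = pc["sym"], pc["mod"]
            if pc["sym"] == symbol:
                hits.append(rec)
        elif hw:
            rec["hardware"] = hw["hw"]   # printed after pc; updates the hit in place
    return hits
```

Feeding it the output of `dmesg` or a collected console log yields the timestamp, faulting address, module and board name for each matching crash, which is enough to tie an alert back to a specific device and its device tree.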
Affected Countries
Germany, France, Italy, Spain, United Kingdom, Netherlands, Poland, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.569Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9820c4522896dcbdd68b
Added to database: 5/21/2025, 9:08:48 AM
Last enriched: 6/28/2025, 12:41:03 AM
Last updated: 8/14/2025, 6:56:48 PM