CVE-2022-49496: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko

If the driver supports subdev mode, the parameter "dev->pm.dev" will be NULL in mtk_vcodec_dec_remove. Kernel will crash when trying to rmmod mtk-vcodec-dec.ko.

[ 4380.702726] pc : do_raw_spin_trylock+0x4/0x80
[ 4380.707075] lr : _raw_spin_lock_irq+0x90/0x14c
[ 4380.711509] sp : ffff80000819bc10
[ 4380.714811] x29: ffff80000819bc10 x28: ffff3600c03e4000 x27: 0000000000000000
[ 4380.721934] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 4380.729057] x23: ffff3600c0f34930 x22: ffffd5e923549000 x21: 0000000000000220
[ 4380.736179] x20: 0000000000000208 x19: ffffd5e9213e8ebc x18: 0000000000000020
[ 4380.743298] x17: 0000002000000000 x16: ffffd5e9213e8e90 x15: 696c346f65646976
[ 4380.750420] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000040
[ 4380.757542] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
[ 4380.764664] x8 : 0000000000000000 x7 : ffff3600c7273ae8 x6 : ffffd5e9213e8ebc
[ 4380.771786] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
[ 4380.778908] x2 : 0000000000000000 x1 : ffff3600c03e4000 x0 : 0000000000000208
[ 4380.786031] Call trace:
[ 4380.788465] do_raw_spin_trylock+0x4/0x80
[ 4380.792462] __pm_runtime_disable+0x2c/0x1b0
[ 4380.796723] mtk_vcodec_dec_remove+0x5c/0xa0 [mtk_vcodec_dec]
[ 4380.802466] platform_remove+0x2c/0x60
[ 4380.806204] __device_release_driver+0x194/0x250
[ 4380.810810] driver_detach+0xc8/0x15c
[ 4380.814462] bus_remove_driver+0x5c/0xb0
[ 4380.818375] driver_unregister+0x34/0x64
[ 4380.822288] platform_driver_unregister+0x18/0x24
[ 4380.826979] mtk_vcodec_dec_driver_exit+0x1c/0x888 [mtk_vcodec_dec]
[ 4380.833240] __arm64_sys_delete_module+0x190/0x224
[ 4380.838020] invoke_syscall+0x48/0x114
[ 4380.841760] el0_svc_common.constprop.0+0x60/0x11c
[ 4380.846540] do_el0_svc+0x28/0x90
[ 4380.849844] el0_svc+0x4c/0x100
[ 4380.852975] el0t_64_sync_handler+0xec/0xf0
[ 4380.857148] el0t_64_sync+0x190/0x194
[ 4380.860801] Code: 94431515 17ffffca d503201f d503245f (b9400004)
AI Analysis
Technical Summary
CVE-2022-49496 is a vulnerability identified in the Linux kernel specifically affecting the MediaTek video codec driver module, mtk-vcodec-dec.ko. The issue arises when the driver operates in sub-device (subdev) mode, where the parameter "dev->pm.dev" can be NULL during the removal (rmmod) of the mtk-vcodec-dec kernel module. This NULL pointer dereference leads to a kernel crash due to improper handling in the mtk_vcodec_dec_remove function. The crash occurs when the kernel attempts to disable runtime power management (__pm_runtime_disable) on a NULL device pointer, triggering a spinlock operation on invalid memory, which results in a system panic or kernel oops. The provided kernel stack trace shows the crash path starting from do_raw_spin_trylock, progressing through __pm_runtime_disable, and culminating in the module removal sequence. This vulnerability is a stability and availability issue rather than a direct code execution or privilege escalation flaw. It affects Linux kernel versions containing the vulnerable MediaTek video codec driver implementation, particularly on ARM64 architectures where MediaTek SoCs are common. No public exploits are known at this time, and no CVSS score has been assigned. The vulnerability was disclosed and published in early 2025, with no patch links provided in the data, indicating that users should verify kernel updates from Linux distributions or MediaTek for remediation.
Potential Impact
For European organizations, the primary impact of CVE-2022-49496 is on system availability and stability. Systems running Linux kernels with the vulnerable MediaTek video codec driver may experience kernel crashes when the affected module is removed, potentially causing unplanned downtime or service interruptions. This is particularly relevant for embedded systems, IoT devices, or specialized hardware using MediaTek SoCs with Linux-based firmware. Enterprises relying on such devices for critical operations—such as telecommunications infrastructure, industrial control systems, or multimedia processing units—may face operational disruptions. Although this vulnerability does not directly lead to privilege escalation or data breaches, repeated crashes could be exploited for denial-of-service (DoS) attacks, impacting service continuity. European organizations deploying Linux on MediaTek hardware should assess their exposure, especially in sectors where embedded Linux systems are prevalent. The lack of known exploits reduces immediate risk, but the potential for stability issues necessitates proactive mitigation to maintain operational resilience.
Mitigation Recommendations
To mitigate CVE-2022-49496, European organizations should:
1) Verify and apply the latest Linux kernel updates from trusted sources or Linux distribution vendors that include the fix for the MediaTek vcodec driver.
2) If kernel updates are not immediately available, avoid unloading the mtk-vcodec-dec.ko module dynamically (i.e., avoid using rmmod on this module) to prevent triggering the crash.
3) For embedded or custom Linux systems, rebuild the kernel with the patched driver or disable the MediaTek vcodec driver if not required.
4) Implement monitoring for kernel panics and crashes related to module removal to detect potential exploitation or stability issues early.
5) Engage with hardware and software vendors to confirm the presence of patches and request timely updates.
6) In environments where MediaTek hardware is used, conduct thorough testing of kernel module operations during maintenance windows to avoid unexpected downtime.
These steps go beyond generic advice by focusing on module-specific handling and operational practices tailored to this vulnerability.
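One way to implement the monitoring in recommendation 4, as an added example written for this page (not code from the kernel project or from the advisory's source): it parses dmesg-style text and flags any call trace in which __pm_runtime_disable is called from mtk_vcodec_dec_remove. The function names call_traces, crash_signature and scan are hypothetical, and the sample input is a subset of the oops quoted in the description.

```python
import re

# Sample input: a subset of the oops lines quoted in the description above,
# one per line as dmesg prints them (frames between the ones shown are omitted).
SAMPLE_LOG = """\
[ 4380.702726] pc : do_raw_spin_trylock+0x4/0x80
[ 4380.786031] Call trace:
[ 4380.788465] do_raw_spin_trylock+0x4/0x80
[ 4380.792462] __pm_runtime_disable+0x2c/0x1b0
[ 4380.796723] mtk_vcodec_dec_remove+0x5c/0xa0 [mtk_vcodec_dec]
[ 4380.802466] platform_remove+0x2c/0x60
[ 4380.833240] __arm64_sys_delete_module+0x190/0x224
[ 4380.860801] Code: 94431515 17ffffca d503201f d503245f (b9400004)
"""

# A frame under "Call trace:" looks like "[ ts] symbol+0xoff/0xsize [module]".
FRAME = re.compile(r"\]\s+(?:\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+"
                   r"(?:\s+\[(\w+)\])?\s*$")

def call_traces(log_text):
    """Return every call trace as [(symbol, module or None), ...], innermost first."""
    traces, current = [], None
    for line in log_text.splitlines():
        if "Call trace:" in line:
            current = []
            traces.append(current)
            continue
        m = FRAME.search(line) if current is not None else None
        if m:
            current.append((m.group(1), m.group(2)))
        else:
            current = None  # first non-frame line closes the trace
    return traces

def crash_signature(trace):
    """Return a finding if the trace is the remove-path crash described above."""
    syms = [sym for sym, _ in trace]
    remove_frame = ("mtk_vcodec_dec_remove", "mtk_vcodec_dec")
    if remove_frame not in trace or "__pm_runtime_disable" not in syms:
        return None
    # The PM call has to be an inner frame of (called from) the remove callback.
    if syms.index("__pm_runtime_disable") > syms.index("mtk_vcodec_dec_remove"):
        return None
    return {"cve": "CVE-2022-49496", "faulting_function": syms[0],
            "via_module_unload": any(s.endswith("sys_delete_module") for s in syms)}

def scan(log_text):
    """Findings for every matching trace in a kernel log (dmesg-style text)."""
    return [hit for t in call_traces(log_text) if (hit := crash_signature(t))]
```

Feed it the text of a saved kernel log; a non-empty result from scan() means the host hit this crash path and is still running an unpatched driver.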
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.586Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5c18
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 4:43:32 PM
Last updated: 8/14/2025, 3:13:38 PM