CVE-2022-49532: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes

drm_cvt_mode may return NULL and we should check it.

This bug is found by syzkaller:

FAULT_INJECTION stacktrace:
[ 168.567394] FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
[ 168.567403] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[ 168.567406] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 168.567408] Call trace:
[ 168.567414] dump_backtrace+0x0/0x310
[ 168.567418] show_stack+0x28/0x38
[ 168.567423] dump_stack+0xec/0x15c
[ 168.567427] should_fail+0x3ac/0x3d0
[ 168.567437] __should_failslab+0xb8/0x120
[ 168.567441] should_failslab+0x28/0xc0
[ 168.567445] kmem_cache_alloc_trace+0x50/0x640
[ 168.567454] drm_mode_create+0x40/0x90
[ 168.567458] drm_cvt_mode+0x48/0xc78
[ 168.567477] virtio_gpu_conn_get_modes+0xa8/0x140 [virtio_gpu]
[ 168.567485] drm_helper_probe_single_connector_modes+0x3a4/0xd80
[ 168.567492] drm_mode_getconnector+0x2e0/0xa70
[ 168.567496] drm_ioctl_kernel+0x11c/0x1d8
[ 168.567514] drm_ioctl+0x558/0x6d0
[ 168.567522] do_vfs_ioctl+0x160/0xf30
[ 168.567525] ksys_ioctl+0x98/0xd8
[ 168.567530] __arm64_sys_ioctl+0x50/0xc8
[ 168.567536] el0_svc_common+0xc8/0x320
[ 168.567540] el0_svc_handler+0xf8/0x160
[ 168.567544] el0_svc+0x10/0x218

KASAN stacktrace:
[ 168.567561] BUG: KASAN: null-ptr-deref in virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[ 168.567565] Read of size 4 at addr 0000000000000054 by task syz/6425
[ 168.567566]
[ 168.567571] CPU: 1 PID: 6425 Comm: syz Kdump: loaded Not tainted 4.19.90-vhulk2201.1.0.h1035.kasan.eulerosv2r10.aarch64 #1
[ 168.567573] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 168.567575] Call trace:
[ 168.567578] dump_backtrace+0x0/0x310
[ 168.567582] show_stack+0x28/0x38
[ 168.567586] dump_stack+0xec/0x15c
[ 168.567591] kasan_report+0x244/0x2f0
[ 168.567594] __asan_load4+0x58/0xb0
[ 168.567607] virtio_gpu_conn_get_modes+0xb4/0x140 [virtio_gpu]
[ 168.567612] drm_helper_probe_single_connector_modes+0x3a4/0xd80
[ 168.567617] drm_mode_getconnector+0x2e0/0xa70
[ 168.567621] drm_ioctl_kernel+0x11c/0x1d8
[ 168.567624] drm_ioctl+0x558/0x6d0
[ 168.567628] do_vfs_ioctl+0x160/0xf30
[ 168.567632] ksys_ioctl+0x98/0xd8
[ 168.567636] __arm64_sys_ioctl+0x50/0xc8
[ 168.567641] el0_svc_common+0xc8/0x320
[ 168.567645] el0_svc_handler+0xf8/0x160
[ 168.567649] el0_svc+0x10/0x218
AI Analysis
Technical Summary
CVE-2022-49532 is a NULL pointer dereference in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically in the virtio GPU driver. The affected function, virtio_gpu_conn_get_modes, builds the list of display modes for a virtual GPU connector. It calls drm_cvt_mode to create a mode for the host-reported resolution; drm_cvt_mode allocates the mode structure and returns NULL when that allocation fails, but the driver used the returned pointer without checking it. The bug was found by syzkaller, a kernel fuzzer, using failslab fault injection: the injected allocation failure inside drm_mode_create (visible in the first trace) made drm_cvt_mode return NULL, and the following dereference produced the KASAN null-ptr-deref report in the second trace. That report's 4-byte read at address 0x54 is consistent with the driver touching a field at that offset of the NULL struct drm_display_mode, i.e. the mode's type flags, which the function updates to mark the mode as preferred. Both traces show the path is reached from user space through the DRM connector ioctl (drm_mode_getconnector), which probes the connector's modes and so calls into the driver. Affected versions are those without the fix; the reproducing system here ran a 4.19-based kernel, and the driver is used by guests in virtualized environments such as QEMU/KVM. Any user or process that can open the DRM device can therefore trigger a kernel crash by issuing that ioctl. No exploitation in the wild is reported; the practical consequence is denial of service through a kernel crash. No CVSS score has been assigned yet, which is usual for a recently published entry, but the technical details leave no doubt that this is a NULL pointer dereference in a kernel subsystem on the graphics virtualization path.
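To make the fix concrete, here is an added user-space model (not the kernel's code) of the patched virtio_gpu_conn_get_modes path; a toggle stands in for failslab so the allocation-failure case the report describes can be exercised without a kernel. All names except drm_cvt_mode, virtio_gpu_conn_get_modes and DRM_MODE_TYPE_PREFERRED are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Added example, not kernel code: a user-space model of the fixed
 * virtio_gpu_conn_get_modes path with a fault-injection toggle that stands
 * in for syzkaller's failslab. Names are assumptions except for
 * DRM_MODE_TYPE_PREFERRED, drm_cvt_mode and virtio_gpu_conn_get_modes. */

#define DRM_MODE_TYPE_PREFERRED (1 << 3)   /* value as in include/uapi/drm/drm_mode.h */

/* Stand-in for struct drm_display_mode with only the fields this model touches. */
struct display_mode {
    unsigned int type;
    int hdisplay;
    int vdisplay;
};

/* When set, the allocation behind drm_cvt_mode fails: the condition failslab
 * injected in the report (drm_mode_create -> kmem_cache_alloc_trace). */
static bool inject_alloc_failure;

/* Model of drm_cvt_mode: allocate a mode for width x height, or return NULL. */
static struct display_mode *model_drm_cvt_mode(int width, int height)
{
    if (inject_alloc_failure)
        return NULL;
    struct display_mode *mode = calloc(1, sizeof *mode);
    if (mode) {
        mode->hdisplay = width;
        mode->vdisplay = height;
    }
    return mode;
}

/* Model of the fixed virtio_gpu_conn_get_modes tail: `count` fallback modes are
 * already on the connector; the host-reported size is added as preferred.
 * Returns the new mode count and hands the created mode back via *out. */
static int get_modes_fixed(int width, int height, int count, struct display_mode **out)
{
    *out = NULL;
    if (width == 0 || height == 0)
        return count;                 /* no host size: keep the fallback list */
    struct display_mode *mode = model_drm_cvt_mode(width, height);
    if (!mode)
        return count;                 /* the fix: unfixed code dereferenced mode here */
    mode->type |= DRM_MODE_TYPE_PREFERRED;  /* the read KASAN flagged at offset 0x54 */
    *out = mode;
    return count + 1;
}
```

With the toggle set, the patched path simply returns the fallback count instead of faulting on the NULL mode, which is exactly what the one-line kernel fix achieves.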
Potential Impact
For European organizations, the impact of CVE-2022-49532 primarily involves potential denial of service conditions on Linux systems running virtualized environments with virtio GPU drivers enabled. This includes cloud service providers, data centers, and enterprises using KVM/QEMU virtualization with graphical passthrough or virtual GPU support. A successful exploitation could cause kernel crashes, leading to system downtime, disruption of services, and potential loss of availability for critical applications. Although this vulnerability does not directly lead to privilege escalation or data leakage, the induced instability could be leveraged as part of a broader attack chain or cause operational disruptions. Organizations relying on Linux-based virtualization infrastructure for hosting virtual desktops, graphical applications, or containerized workloads with GPU virtualization are at higher risk. The vulnerability's impact on confidentiality and integrity is limited, but availability impact can be significant, especially in production environments where uptime is critical. European organizations in sectors such as finance, telecommunications, and government, which often use Linux virtualization, could face operational risks if this vulnerability is exploited.
Mitigation Recommendations
To mitigate CVE-2022-49532, organizations should apply the official Linux kernel patches that address the NULL pointer dereference in the virtio GPU driver as soon as they become available from their Linux distribution vendors. Until patches are applied, consider disabling the virtio GPU driver where it is not needed, or restricting access to DRM devices to trusted users only, minimizing the attack surface. Implement strict access controls on the /dev/dri device nodes to prevent unprivileged users from invoking the vulnerable ioctl. For virtualized environments, review and harden hypervisor and guest configurations to limit exposure to graphical device interfaces. Monitoring guest kernel logs for crashes related to drm or virtio_gpu (for example KASAN null-ptr-deref or Oops reports naming virtio_gpu_conn_get_modes) can help detect exploitation attempts. Additionally, organizations should maintain up-to-date kernel versions and subscribe to security advisories from Linux distributions to promptly respond to such vulnerabilities. Kernel lockdown features and mandatory access controls (e.g., SELinux, AppArmor) can further reduce risk, the latter by limiting which processes may open DRM device nodes. Finally, conduct regular security audits of virtualization infrastructure to ensure compliance with best practices and timely patching.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.589Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe436a
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 10:09:30 PM
Last updated: 8/5/2025, 2:31:47 PM