CVE-2022-49692: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY Latest kernel will explode on the PHY interrupt config, since it depends now on allocated priv. So, run probe to allocate priv to fix it. ar9331_switch ethernet.1:10 lan0 (uninitialized): PHY [!ahb!ethernet@1a000000!mdio!switch@10:00] driver [Qualcomm Atheros AR9331 built-in PHY] (irq=13) CPU 0 Unable to handle kernel paging request at virtual address 0000000a, epc == 8050e8a8, ra == 80504b34 ... Call Trace: [<8050e8a8>] at803x_config_intr+0x5c/0xd0 [<80504b34>] phy_request_interrupt+0xa8/0xd0 [<8050289c>] phylink_bringup_phy+0x2d8/0x3ac [<80502b68>] phylink_fwnode_phy_connect+0x118/0x130 [<8074d8ec>] dsa_slave_create+0x270/0x420 [<80743b04>] dsa_port_setup+0x12c/0x148 [<8074580c>] dsa_register_switch+0xaf0/0xcc0 [<80511344>] ar9331_sw_probe+0x370/0x388 [<8050cb78>] mdio_probe+0x44/0x70 [<804df300>] really_probe+0x200/0x424 [<804df7b4>] __driver_probe_device+0x290/0x298 [<804df810>] driver_probe_device+0x54/0xe4 [<804dfd50>] __device_attach_driver+0xe4/0x130 [<804dcb00>] bus_for_each_drv+0xb4/0xd8 [<804dfac4>] __device_attach+0x104/0x1a4 [<804ddd24>] bus_probe_device+0x48/0xc4 [<804deb44>] deferred_probe_work_func+0xf0/0x10c [<800a0ffc>] process_one_work+0x314/0x4d4 [<800a17fc>] worker_thread+0x2a4/0x354 [<800a9a54>] kthread+0x134/0x13c [<8006306c>] ret_from_kernel_thread+0x14/0x1c Same Issue would affect some other PHYs (QCA8081, QCA9561), so fix it too.
AI Analysis
Technical Summary
CVE-2022-49692 is a vulnerability identified in the Linux kernel affecting the PHY (physical layer) driver for certain Qualcomm Atheros Ethernet PHY devices, specifically the AR9331 PHY and potentially others such as QCA8081 and QCA9561. The issue arises from a NULL pointer dereference during the PHY interrupt configuration process. The root cause is that the interrupt configuration code depends on a private data structure (priv) that must be allocated during the probe phase. If this allocation does not occur properly before the interrupt configuration, the kernel attempts to dereference a NULL pointer, leading to a kernel panic or crash. The kernel call trace shows the failure occurs in the at803x_config_intr function, which is called during PHY initialization and interrupt setup. This vulnerability can cause the affected Linux kernel to crash when initializing or handling interrupts for the impacted PHY devices, resulting in a denial of service (DoS) condition. The problem affects Linux kernel versions prior to the patch that ensures the private data is allocated during the probe phase before interrupt configuration. The vulnerability is relevant for embedded systems, network devices, and any Linux-based systems using these specific PHY drivers. Although no known exploits are reported in the wild, the issue could be triggered by an attacker with local access or by malformed device configurations. The vulnerability does not appear to allow privilege escalation or remote code execution but can cause system instability and network interface failures. The fix involves modifying the driver probe sequence to guarantee that the private data structure is allocated before configuring interrupts, preventing the NULL pointer dereference and subsequent kernel crash.
Potential Impact
For European organizations, this vulnerability primarily poses a risk of denial of service on Linux-based network devices or embedded systems utilizing the affected Qualcomm Atheros PHY drivers. Such devices could include routers, switches, industrial control systems, and IoT gateways running Linux kernels with these drivers. A kernel crash on these devices could disrupt network connectivity, degrade service availability, and impact critical infrastructure operations. In sectors like telecommunications, manufacturing, and critical infrastructure where embedded Linux devices are common, this could lead to operational downtime and potential safety risks. Although the vulnerability does not directly compromise data confidentiality or integrity, the loss of availability can have cascading effects on business continuity and incident response capabilities. European organizations relying on Linux-based network hardware with these PHYs should be aware of potential instability and plan for timely patching. The lack of known exploits reduces immediate risk, but the vulnerability could be exploited in targeted attacks or accidental misconfigurations. Given the widespread use of Linux in embedded and network devices across Europe, the impact could be significant if unpatched devices are deployed in critical environments.
Mitigation Recommendations
To mitigate CVE-2022-49692, organizations should: 1) Identify all Linux-based devices in their environment using Qualcomm Atheros AR9331, QCA8081, QCA9561, or related PHY drivers. This may require inventorying embedded devices, routers, and switches. 2) Apply the latest Linux kernel patches or vendor firmware updates that include the fix ensuring proper allocation of private data before interrupt configuration in the PHY driver. 3) For devices where patching the kernel is not immediately feasible, consider network segmentation and limiting access to affected devices to reduce the risk of accidental or malicious triggering of the vulnerability. 4) Monitor system logs for kernel panics or crashes related to PHY initialization or interrupts as an indicator of attempted exploitation or misconfiguration. 5) Engage with hardware vendors to confirm patch availability and deployment schedules for embedded devices. 6) Implement robust change management and testing procedures to validate kernel updates do not disrupt device functionality. 7) Consider fallback or redundancy mechanisms for critical network devices to maintain availability during patch deployment or in case of device failure.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
CVE-2022-49692: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY Latest kernel will explode on the PHY interrupt config, since it depends now on allocated priv. So, run probe to allocate priv to fix it. ar9331_switch ethernet.1:10 lan0 (uninitialized): PHY [!ahb!ethernet@1a000000!mdio!switch@10:00] driver [Qualcomm Atheros AR9331 built-in PHY] (irq=13) CPU 0 Unable to handle kernel paging request at virtual address 0000000a, epc == 8050e8a8, ra == 80504b34 ... Call Trace: [<8050e8a8>] at803x_config_intr+0x5c/0xd0 [<80504b34>] phy_request_interrupt+0xa8/0xd0 [<8050289c>] phylink_bringup_phy+0x2d8/0x3ac [<80502b68>] phylink_fwnode_phy_connect+0x118/0x130 [<8074d8ec>] dsa_slave_create+0x270/0x420 [<80743b04>] dsa_port_setup+0x12c/0x148 [<8074580c>] dsa_register_switch+0xaf0/0xcc0 [<80511344>] ar9331_sw_probe+0x370/0x388 [<8050cb78>] mdio_probe+0x44/0x70 [<804df300>] really_probe+0x200/0x424 [<804df7b4>] __driver_probe_device+0x290/0x298 [<804df810>] driver_probe_device+0x54/0xe4 [<804dfd50>] __device_attach_driver+0xe4/0x130 [<804dcb00>] bus_for_each_drv+0xb4/0xd8 [<804dfac4>] __device_attach+0x104/0x1a4 [<804ddd24>] bus_probe_device+0x48/0xc4 [<804deb44>] deferred_probe_work_func+0xf0/0x10c [<800a0ffc>] process_one_work+0x314/0x4d4 [<800a17fc>] worker_thread+0x2a4/0x354 [<800a9a54>] kthread+0x134/0x13c [<8006306c>] ret_from_kernel_thread+0x14/0x1c Same Issue would affect some other PHYs (QCA8081, QCA9561), so fix it too.
AI-Powered Analysis
Technical Analysis
CVE-2022-49692 is a vulnerability identified in the Linux kernel affecting the PHY (physical layer) driver for certain Qualcomm Atheros Ethernet PHY devices, specifically the AR9331 PHY and potentially others such as QCA8081 and QCA9561. The issue arises from a NULL pointer dereference during the PHY interrupt configuration process. The root cause is that the interrupt configuration code depends on a private data structure (priv) that must be allocated during the probe phase. If this allocation does not occur properly before the interrupt configuration, the kernel attempts to dereference a NULL pointer, leading to a kernel panic or crash. The kernel call trace shows the failure occurs in the at803x_config_intr function, which is called during PHY initialization and interrupt setup. This vulnerability can cause the affected Linux kernel to crash when initializing or handling interrupts for the impacted PHY devices, resulting in a denial of service (DoS) condition. The problem affects Linux kernel versions prior to the patch that ensures the private data is allocated during the probe phase before interrupt configuration. The vulnerability is relevant for embedded systems, network devices, and any Linux-based systems using these specific PHY drivers. Although no known exploits are reported in the wild, the issue could be triggered by an attacker with local access or by malformed device configurations. The vulnerability does not appear to allow privilege escalation or remote code execution but can cause system instability and network interface failures. The fix involves modifying the driver probe sequence to guarantee that the private data structure is allocated before configuring interrupts, preventing the NULL pointer dereference and subsequent kernel crash.
Potential Impact
For European organizations, this vulnerability primarily poses a risk of denial of service on Linux-based network devices or embedded systems utilizing the affected Qualcomm Atheros PHY drivers. Such devices could include routers, switches, industrial control systems, and IoT gateways running Linux kernels with these drivers. A kernel crash on these devices could disrupt network connectivity, degrade service availability, and impact critical infrastructure operations. In sectors like telecommunications, manufacturing, and critical infrastructure where embedded Linux devices are common, this could lead to operational downtime and potential safety risks. Although the vulnerability does not directly compromise data confidentiality or integrity, the loss of availability can have cascading effects on business continuity and incident response capabilities. European organizations relying on Linux-based network hardware with these PHYs should be aware of potential instability and plan for timely patching. The lack of known exploits reduces immediate risk, but the vulnerability could be exploited in targeted attacks or accidental misconfigurations. Given the widespread use of Linux in embedded and network devices across Europe, the impact could be significant if unpatched devices are deployed in critical environments.
Mitigation Recommendations
To mitigate CVE-2022-49692, organizations should: 1) Identify all Linux-based devices in their environment using Qualcomm Atheros AR9331, QCA8081, QCA9561, or related PHY drivers. This may require inventorying embedded devices, routers, and switches. 2) Apply the latest Linux kernel patches or vendor firmware updates that include the fix ensuring proper allocation of private data before interrupt configuration in the PHY driver. 3) For devices where patching the kernel is not immediately feasible, consider network segmentation and limiting access to affected devices to reduce the risk of accidental or malicious triggering of the vulnerability. 4) Monitor system logs for kernel panics or crashes related to PHY initialization or interrupts as an indicator of attempted exploitation or misconfiguration. 5) Engage with hardware vendors to confirm patch availability and deployment schedules for embedded devices. 6) Implement robust change management and testing procedures to validate kernel updates do not disrupt device functionality. 7) Consider fallback or redundancy mechanisms for critical network devices to maintain availability during patch deployment or in case of device failure.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-02-26T02:21:30.442Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982cc4522896dcbe4857
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 12:12:13 AM
Last updated: 7/28/2025, 7:56:01 PM
Views: 12
Related Threats
CVE-2025-8989: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumCVE-2025-8988: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumCVE-2025-8987: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumCVE-2025-8986: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumCVE-2025-31987: CWE-405 Asymmetric Resource Consumption in HCL Software Connections Docs
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.