CVE-2022-49021

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc3+

Description A null pointer dereference issue has been identified in the Linux kernel. The issue occurs when the probe() function fails in phy attach direct(), causing a null pointer dereference in device release driver() while deleting a device. This is due to the knode driver->n klist not being set when device bind driver() is not called after a failed probe(). The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Linux kernel versions prior to 6.1.0-rc3+, consider updating to a newer version that includes the fix for this issue. As a temporary workaround, setting dev->driver to NULL in the error path in phy attach direct() can prevent the null pointer dereference. However, this is a code-level fix and may require recompiling the kernel. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but updating to the latest available version is recommended.