CVE-2022-49847

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc2

Description A segmentation fault issue has been resolved in the Linux kernel, specifically in the am65-cpsw driver. The problem occurred when the module was unloaded, causing a segmentation fault when the first slave link was active. The issue was addressed by moving the am65 cpsw nuss phylink cleanup() call to after am65 cpsw nuss cleanup ndev() to ensure that phylink remains valid.

Technical details about the issue include:

The error occurred at virtual address 00040008000005f4
The ESR value was 0x0000000096000004
The EC value was 0x25, indicating a DABT (current EL) with IL = 32 bits
The FSC value was 0x04, indicating a level 0 translation fault
The phy stop() and phylink stop() functions were involved in the call trace
The am65 cpsw nuss ndo slave stop() function was also part of the call trace

Recommendations To resolve the issue, update the Linux kernel to a version newer than 6.1.0-rc2. As a temporary workaround, consider disabling the am65 cpsw nuss module until a patch is available. Restrict access to the vulnerable am65-cpsw driver to minimize the risk of exploitation. Avoid using the phylink interface in the affected API endpoint until the issue is resolved.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-05948

CVE-2022-49847

Affected Products

Astra Linux

Linux Kernel

CVE-2022-49847

Weakness Enumeration

Related Identifiers

Affected Products

References · 15