PT-2025-7998 · Linux+4 · Linux Kernel+4

Sudip Mukherjee

Published

2022-04-04

Updated

2025-09-29

CVE-2022-49070

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fix of the NULL dereference issue in the fbdev module

Description A NULL dereference issue has been identified in the Linux kernel, specifically in the fbdev module. This issue occurs when attempting to unregister framebuffers without an underlying device in the Linux device hierarchy. The problem arises from the fact that OF framebuffers do not have an associated platform device, which can be hot-unplugged before loading the native graphics driver. As a result, a NULL pointer dereference can occur, leading to a kernel crash. An example error message is provided, showcasing the issue on a ppc64le system.

Recommendations For Linux kernel versions prior to the fix, consider applying the patch that fixes the unregistering of framebuffers without devices to prevent the NULL dereference issue. As a temporary workaround, consider disabling the use of OF framebuffers until a patched version of the kernel is available.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_16880

BDU:2025-06041

CVE-2022-49070

RHSA-2023:2458

RHSA-2023_2458

SUSE-SU-2025:1176-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_1241-1

Affected Products

Astra Linux

Linux Kernel

Red Hat

Red Os

Suse

PT-2025-7998 · Linux+4 · Linux Kernel+4

CVE-2022-49070

Weakness Enumeration

Related Identifiers

Affected Products

References · 1307