CVE-2022-49424

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the iommu/mediatek module. This issue occurs when the larbdev is NULL, causing the device link add() function to fail and resulting in a kernel crash when attempting to print dev name(larbdev). The error log indicates a NULL pointer dereference at a virtual address, leading to a kernel crash. The issue is related to an incorrect setting in the device tree, where the node is incorrectly set to iommus = <&iommu NUM>, causing the larbdev to be NULL.

Recommendations To resolve this issue, it is recommended to update the Linux kernel to a version that includes the fix for this issue. As a temporary workaround, consider disabling the vulnerable iommu/mediatek module until a patch is available. Additionally, ensure that the device tree settings are correct, and the iommus node is properly configured to avoid invalid inputs.