PT-2025-8625 · Linux+1 · Linux Kernel+1

Oleksij Rempel · Published 2025-02-26 · Updated 2025-02-27 · CVE-2022-49692

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the at803x driver for the AR9331 PHY. This issue occurs when the kernel attempts to configure the PHY interrupt without allocating the necessary private data, resulting in a kernel paging request error. The problem is not limited to the AR9331 PHY, as other PHYs such as QCA8081 and QCA9561 may also be affected.

Recommendations

To resolve this issue, run the probe to allocate the necessary private data before configuring the PHY interrupt. As a temporary workaround, consider disabling the at803x_config_intr() function until a patch is available. Restrict access to the vulnerable at803x driver to minimize the risk of exploitation. Avoid using the phy_request_interrupt() function in the affected kernel versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
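The ordering problem described above, as an added userspace model that is not kernel or at803x driver code: an entry that configures interrupts without a probe reaches the private-data access with a NULL pointer, and a table audit flags such entries. All struct, function and table names are hypothetical, and the NULL guard exists only so the model returns an error instead of faulting.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every struct and function name here is hypothetical. */
struct phy_model;
struct drv_model {
    const char *name;
    int (*probe)(struct phy_model *);       /* allocates private data */
    int (*config_intr)(struct phy_model *); /* uses private data */
};
struct priv_model { unsigned irq_mask; };
struct phy_model { struct priv_model *priv; };

static int model_probe(struct phy_model *phy) {
    phy->priv = calloc(1, sizeof(*phy->priv));
    return phy->priv ? 0 : -1;
}

static int model_config_intr(struct phy_model *phy) {
    /* Guard added so the model returns an error where an unguarded
       access would fault on a NULL private-data pointer. */
    if (!phy->priv) return -1;
    phy->priv->irq_mask |= 1u;
    return 0;
}

/* Attach sequence: optional probe, then interrupt configuration. */
static int model_attach(const struct drv_model *drv) {
    struct phy_model phy = { NULL };
    if (drv->probe && drv->probe(&phy) != 0) return -2;
    int rc = drv->config_intr ? drv->config_intr(&phy) : 0;
    free(phy.priv);
    return rc;
}

/* Audit: count entries that configure interrupts but never run a probe. */
static size_t audit_missing_probe(const struct drv_model *t, size_t n) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (t[i].config_intr && !t[i].probe) bad++;
    return bad;
}

/* Constructed tables: the AR9331 entry without and with a probe wired in. */
static const struct drv_model before[] = { { "AR9331 (no probe)", NULL, model_config_intr } };
static const struct drv_model after[]  = { { "AR9331 (with probe)", model_probe, model_config_intr } };

int main(void) {
    printf("before: attach=%d flagged=%zu\n", model_attach(&before[0]), audit_missing_probe(before, 1));
    printf("after:  attach=%d flagged=%zu\n", model_attach(&after[0]), audit_missing_probe(after, 1));
    return 0;
}
```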

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2022-49692

Affected Products

Astra Linux
Linux Kernel