CVE-2022-49756

Summary

In the Linux kernel, the following vulnerability has been resolved:

phy: usb: sunplus: Fix potential null-ptr-deref in sp_usb_phy_probe()

sp_usb_phy_probe() will call platform_get_resource_byname() that may fail and return NULL. devm_ioremap() will use usbphy->moon4_res_mem->start as input, which may causes null-ptr-deref. Check the ret value of platform_get_resource_byname() to avoid the null-ptr-deref.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux99d9ccd97385208b78b3d88e756451f4b70119fc < d838b5c99bcecd593b4710a93fce8fdbf122395baffected
LinuxLinux99d9ccd97385208b78b3d88e756451f4b70119fc < 17eee264ef386ef30a69dd70e36f29893b85c170affected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux6.1.9 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References