CVE-2022-49848

Summary

In the Linux kernel, the following vulnerability has been resolved:

phy: qcom-qmp-combo: fix NULL-deref on runtime resume

Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS_USB region") started treating the PCS_USB registers as potentially separate from the PCS registers but used the wrong base when no PCS_USB offset has been provided.

Fix the PCS_USB base used at runtime resume to prevent dereferencing a NULL pointer on platforms that do not provide a PCS_USB offset (e.g. SC7180).

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxfc64623637da5e964566628bc0e660e93dc7a395 < c559a8b5cfa3db196ced0257b288f17027621348affected
LinuxLinuxfc64623637da5e964566628bc0e660e93dc7a395 < 04948e757148f870a31f4887ea2239403f516c3caffected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.0.9 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References