{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49692", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:21:30.442Z", "datePublished": "2025-02-26T02:24:15.616Z", "dateUpdated": "2025-02-26T02:24:15.616Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-02-26T02:24:15.616Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: at803x: fix NULL pointer dereference on AR9331 PHY\n\nLatest kernel will explode on the PHY interrupt config, since it depends\nnow on allocated priv. So, run probe to allocate priv to fix it.\n\n ar9331_switch ethernet.1:10 lan0 (uninitialized): PHY [!ahb!ethernet@1a000000!mdio!switch@10:00] driver [Qualcomm Atheros AR9331 built-in PHY] (irq=13)\n CPU 0 Unable to handle kernel paging request at virtual address 0000000a, epc == 8050e8a8, ra == 80504b34\n ...\n Call Trace:\n [<8050e8a8>] at803x_config_intr+0x5c/0xd0\n [<80504b34>] phy_request_interrupt+0xa8/0xd0\n [<8050289c>] phylink_bringup_phy+0x2d8/0x3ac\n [<80502b68>] phylink_fwnode_phy_connect+0x118/0x130\n [<8074d8ec>] dsa_slave_create+0x270/0x420\n [<80743b04>] dsa_port_setup+0x12c/0x148\n [<8074580c>] dsa_register_switch+0xaf0/0xcc0\n [<80511344>] ar9331_sw_probe+0x370/0x388\n [<8050cb78>] mdio_probe+0x44/0x70\n [<804df300>] really_probe+0x200/0x424\n [<804df7b4>] __driver_probe_device+0x290/0x298\n [<804df810>] driver_probe_device+0x54/0xe4\n [<804dfd50>] __device_attach_driver+0xe4/0x130\n [<804dcb00>] bus_for_each_drv+0xb4/0xd8\n [<804dfac4>] __device_attach+0x104/0x1a4\n [<804ddd24>] bus_probe_device+0x48/0xc4\n [<804deb44>] deferred_probe_work_func+0xf0/0x10c\n [<800a0ffc>] process_one_work+0x314/0x4d4\n [<800a17fc>] worker_thread+0x2a4/0x354\n [<800a9a54>] kthread+0x134/0x13c\n [<8006306c>] ret_from_kernel_thread+0x14/0x1c\n\nSame Issue would affect some other PHYs (QCA8081, QCA9561), so fix it\ntoo."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/phy/at803x.c"], "versions": [{"version": "3265f421887847db9ae2c01a00645e33608556d8", "lessThan": "66fa352215e8455ba2e5f33793535795bd3e36ca", "status": "affected", "versionType": "git"}, {"version": "3265f421887847db9ae2c01a00645e33608556d8", "lessThan": "9926de7315be3d606cc011a305ad9adb9e8e14c9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/phy/at803x.c"], "versions": [{"version": "5.18", "status": "affected"}, {"version": "0", "lessThan": "5.18", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.8", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/66fa352215e8455ba2e5f33793535795bd3e36ca"}, {"url": "https://git.kernel.org/stable/c/9926de7315be3d606cc011a305ad9adb9e8e14c9"}], "title": "net: phy: at803x: fix NULL pointer dereference on AR9331 PHY", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "38D180E5-530F-4351-9BC3-DF4D61BC7610", "versionEndExcluding": "5.18.8", "versionStartIncluding": "5.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "A8C30C2D-F82D-4D37-AB48-D76ABFBD5377", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "BF8547FC-C849-4F1B-804B-A93AE2F04A92", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F3068028-F453-4A1C-B80F-3F5609ACEF60", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: at803x: fix NULL pointer dereference on AR9331 PHY\n\nLatest kernel will explode on the PHY interrupt config, since it depends\nnow on allocated priv. So, run probe to allocate priv to fix it.\n\n ar9331_switch ethernet.1:10 lan0 (uninitialized): PHY [!ahb!ethernet@1a000000!mdio!switch@10:00] driver [Qualcomm Atheros AR9331 built-in PHY] (irq=13)\n CPU 0 Unable to handle kernel paging request at virtual address 0000000a, epc == 8050e8a8, ra == 80504b34\n ...\n Call Trace:\n [<8050e8a8>] at803x_config_intr+0x5c/0xd0\n [<80504b34>] phy_request_interrupt+0xa8/0xd0\n [<8050289c>] phylink_bringup_phy+0x2d8/0x3ac\n [<80502b68>] phylink_fwnode_phy_connect+0x118/0x130\n [<8074d8ec>] dsa_slave_create+0x270/0x420\n [<80743b04>] dsa_port_setup+0x12c/0x148\n [<8074580c>] dsa_register_switch+0xaf0/0xcc0\n [<80511344>] ar9331_sw_probe+0x370/0x388\n [<8050cb78>] mdio_probe+0x44/0x70\n [<804df300>] really_probe+0x200/0x424\n [<804df7b4>] __driver_probe_device+0x290/0x298\n [<804df810>] driver_probe_device+0x54/0xe4\n [<804dfd50>] __device_attach_driver+0xe4/0x130\n [<804dcb00>] bus_for_each_drv+0xb4/0xd8\n [<804dfac4>] __device_attach+0x104/0x1a4\n [<804ddd24>] bus_probe_device+0x48/0xc4\n [<804deb44>] deferred_probe_work_func+0xf0/0x10c\n [<800a0ffc>] process_one_work+0x314/0x4d4\n [<800a17fc>] worker_thread+0x2a4/0x354\n [<800a9a54>] kthread+0x134/0x13c\n [<8006306c>] ret_from_kernel_thread+0x14/0x1c\n\nSame Issue would affect some other PHYs (QCA8081, QCA9561), so fix it\ntoo."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: phy: at803x: se corrige la desreferencia de puntero NULL en AR9331 PHY. El kernel m\u00e1s reciente explotar\u00e1 en la configuraci\u00f3n de interrupci\u00f3n de PHY, ya que ahora depende de privilegios asignados. Por lo tanto, ejecute la sonda para asignar privilegios para solucionarlo. ar9331_switch ethernet.1:10 lan0 (uninitialized): PHY [!ahb!ethernet@1a000000!mdio!switch@10:00] driver [Qualcomm Atheros AR9331 built-in PHY] (irq=13) CPU 0 Unable to handle kernel paging request at virtual address 0000000a, epc == 8050e8a8, ra == 80504b34 ... Call Trace: [&lt;8050e8a8&gt;] at803x_config_intr+0x5c/0xd0 [&lt;80504b34&gt;] phy_request_interrupt+0xa8/0xd0 [&lt;8050289c&gt;] phylink_bringup_phy+0x2d8/0x3ac [&lt;80502b68&gt;] phylink_fwnode_phy_connect+0x118/0x130 [&lt;8074d8ec&gt;] dsa_slave_create+0x270/0x420 [&lt;80743b04&gt;] dsa_port_setup+0x12c/0x148 [&lt;8074580c&gt;] dsa_register_switch+0xaf0/0xcc0 [&lt;80511344&gt;] ar9331_sw_probe+0x370/0x388 [&lt;8050cb78&gt;] mdio_probe+0x44/0x70 [&lt;804df300&gt;] really_probe+0x200/0x424 [&lt;804df7b4&gt;] __driver_probe_device+0x290/0x298 [&lt;804df810&gt;] driver_probe_device+0x54/0xe4 [&lt;804dfd50&gt;] __device_attach_driver+0xe4/0x130 [&lt;804dcb00&gt;] bus_for_each_drv+0xb4/0xd8 [&lt;804dfac4&gt;] __device_attach+0x104/0x1a4 [&lt;804ddd24&gt;] bus_probe_device+0x48/0xc4 [&lt;804deb44&gt;] deferred_probe_work_func+0xf0/0x10c [&lt;800a0ffc&gt;] process_one_work+0x314/0x4d4 [&lt;800a17fc&gt;] worker_thread+0x2a4/0x354 [&lt;800a9a54&gt;] kthread+0x134/0x13c [&lt;8006306c&gt;] ret_from_kernel_thread+0x14/0x1c El mismo problema afectar\u00eda a algunos otros PHY (QCA8081, QCA9561), as\u00ed que corr\u00edjalo tambi\u00e9n."}], "id": "CVE-2022-49692", "lastModified": "2025-03-11T22:27:35.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:43.990", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/66fa352215e8455ba2e5f33793535795bd3e36ca"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9926de7315be3d606cc011a305ad9adb9e8e14c9"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY", "id": "2347773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347773"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: phy: at803x: fix NULL pointer dereference on AR9331 PHY\nLatest kernel will explode on the PHY interrupt config, since it depends\nnow on allocated priv. So, run probe to allocate priv to fix it.\nar9331_switch ethernet.1:10 lan0 (uninitialized): PHY [!ahb!ethernet@1a000000!mdio!switch@10:00] driver [Qualcomm Atheros AR9331 built-in PHY] (irq=13)\nCPU 0 Unable to handle kernel paging request at virtual address 0000000a, epc == 8050e8a8, ra == 80504b34\n...\nCall Trace:\n[<8050e8a8>] at803x_config_intr+0x5c/0xd0\n[<80504b34>] phy_request_interrupt+0xa8/0xd0\n[<8050289c>] phylink_bringup_phy+0x2d8/0x3ac\n[<80502b68>] phylink_fwnode_phy_connect+0x118/0x130\n[<8074d8ec>] dsa_slave_create+0x270/0x420\n[<80743b04>] dsa_port_setup+0x12c/0x148\n[<8074580c>] dsa_register_switch+0xaf0/0xcc0\n[<80511344>] ar9331_sw_probe+0x370/0x388\n[<8050cb78>] mdio_probe+0x44/0x70\n[<804df300>] really_probe+0x200/0x424\n[<804df7b4>] __driver_probe_device+0x290/0x298\n[<804df810>] driver_probe_device+0x54/0xe4\n[<804dfd50>] __device_attach_driver+0xe4/0x130\n[<804dcb00>] bus_for_each_drv+0xb4/0xd8\n[<804dfac4>] __device_attach+0x104/0x1a4\n[<804ddd24>] bus_probe_device+0x48/0xc4\n[<804deb44>] deferred_probe_work_func+0xf0/0x10c\n[<800a0ffc>] process_one_work+0x314/0x4d4\n[<800a17fc>] worker_thread+0x2a4/0x354\n[<800a9a54>] kthread+0x134/0x13c\n[<8006306c>] ret_from_kernel_thread+0x14/0x1c\nSame Issue would affect some other PHYs (QCA8081, QCA9561), so fix it\ntoo."], "name": "CVE-2022-49692", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49692\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49692\nhttps://lore.kernel.org/linux-cve-announce/2025022627-CVE-2022-49692-0f29@gregkh/T"], "threat_severity": "Moderate"}