CVE-2022-49307

In the Linux kernel, the following vulnerability has been resolved:

tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()

When the driver fails at alloc_hdlcdev(), and then we remove the driver module, we will get the following splat:

[ 25.065966] general protection fault, probably for non-canonical address 0xdffffc0000000182: 0000 [#1] PREEMPT SMP KASAN PTI [ 25.066914] KASAN: null-ptr-deref in range [0x0000000000000c10-0x0000000000000c17] [ 25.069262] RIP: 0010:detach_hdlc_protocol+0x2a/0x3e0 [ 25.077709] Call Trace: [ 25.077924] <TASK> [ 25.078108] unregister_hdlc_device+0x16/0x30 [ 25.078481] slgt_cleanup+0x157/0x9f0 [synclink_gt]

Fix this by checking whether the 'info->netdev' is a null pointer first.

Published: Feb 26, 2025
Updated: May 4, 2025
CVE: CVE-2022-49307
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	4.20	5.4.198
linux / linux_kernel	4.10	4.14.283
linux / linux_kernel	4.15	4.19.247
linux / linux_kernel	5.18	5.18.4
linux / linux_kernel	5.16	5.17.15
linux / linux_kernel	5.11	5.15.47
linux / linux_kernel	-	4.9.318
linux / linux_kernel	5.5	5.10.122

Vulnerability Database

CVE-2022-49307

Deep Security Visibility Without the Complexity