CVE-2022-49475 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() It will cause null-ptr-deref if platform_get_resource_byname() returns NULL, we need check the return value.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/10f537219629769498ecb8515e096be213224c24
https://git.kernel.org/stable/c/33dda87d04598ac5d9a849218a373443f7d3de66
https://git.kernel.org/stable/c/560dcbe1c7a78f597f2167371ebdbe2bca3d0735
https://git.kernel.org/stable/c/9d9c84825c3ec359b165c762a424cfdefe87fdd7
https://git.kernel.org/stable/c/a2b331ac11e1cac56f5b7d367e9f3c5796deaaed
https://lore.kernel.org/linux-cve-announce/2025022603-CVE-2022-49475-9398@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-49475
https://www.cve.org/CVERecord?id=CVE-2022-49475

History

Mon, 17 Mar 2025 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Wed, 26 Feb 2025 13:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025022603-CVE-2022-49475-9398@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-49475 https://www.cve.org/CVERecord?id=CVE-2022-49475
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 26 Feb 2025 02:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() It will cause null-ptr-deref if platform_get_resource_byname() returns NULL, we need check the return value.
Title		spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()
References		https://git.kernel.org/stable/c/10f537219629769498ecb8515e096be213224c24 https://git.kernel.org/stable/c/33dda87d04598ac5d9a849218a373443f7d3de66 https://git.kernel.org/stable/c/560dcbe1c7a78f597f2167371ebdbe2bca3d0735 https://git.kernel.org/stable/c/9d9c84825c3ec359b165c762a424cfdefe87fdd7 https://git.kernel.org/stable/c/a2b331ac11e1cac56f5b7d367e9f3c5796deaaed

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-02-26T02:13:17.353Z

Updated: 2025-02-26T02:13:17.353Z

Reserved: 2025-02-26T02:08:31.580Z

Link: CVE-2022-49475

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2025-02-26T07:01:23.713

Modified: 2025-03-17T16:08:23.667

Link: CVE-2022-49475

Redhat

Severity : Moderate

Publid Date: 2025-02-26T00:00:00Z

Links: CVE-2022-49475 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object