CVE-2022-49323

Advisory lineage Upstream: 0 Downstream: 9

Downstream

DEBIAN-CVE-2022-49323 RHSA-2023:2458 RHSA-2023:2951 SUSE-SU-2025:02846-1 SUSE-SU-2025:1027-1 SUSE-SU-2025:1176-1

Modified

Published: 26 Feb 2025, 02:10

Last modified:11 May 2026, 18:57

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (cve.org)

EPSS Score

0.1% LOW

0% probability +0.05%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 Feb 2025, 02:10

Published

Vulnerability first disclosed

11 May 2026, 18:57

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() It will cause null-ptr-deref when using 'res', if platform_get_resource() returns NULL, so move using 'res' after devm_ioremap_resource() that will check it to avoid null-ptr-deref. And use devm_platform_get_and_ioremap_resource() to simplify code.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.10%• Percentile: 28%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ 9648cbc9625b67c91ed1aaf4b8b77f3f0c537496, < 3660db29b0305f9a1d95979c7af0f5db6ea99f5d | ≥ 9648cbc9625b67c91ed1aaf4b8b77f3f0c537496, < 98dd53a92825747395649f54d23512a13c3ed471 | ≥ 9648cbc9625b67c91ed1aaf4b8b77f3f0c537496, < 80776a71340f57d6a4952635fc89f0342072f3ca | ≥ 9648cbc9625b67c91ed1aaf4b8b77f3f0c537496, < 449fc4561762ad9ad85362d5f01f0d0df397457a | ≥ 9648cbc9625b67c91ed1aaf4b8b77f3f0c537496, < d9ed8af1dee37f181096631fb03729ece98ba816 | 4.11
linux•linux_kernel
< 5.10.122 | ≥ 5.11, < 5.15.47 | ≥ 5.16, < 5.17.15 | ≥ 5.18, < 5.18.4