CVE-2022-49273 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
rtc: pl031: fix rtc features null pointer dereference
When there is no interrupt line, rtc alarm feature is disabled.
The clearing of the alarm feature bit was being done prior to allocation of the ldata->rtc device, resulting in a null pointer dereference.
Clear RTC_FEATURE_ALARM after the rtc device is allocated.
Analysis
by VulDB Data Team • 03/05/2025
The vulnerability identified as CVE-2022-49273 affects the Linux kernel's real-time clock implementation, specifically within the pl031 driver component that manages ARM PrimeCell PL031 real-time clock hardware. This issue represents a critical null pointer dereference condition that occurs during the initialization process of the RTC subsystem. The vulnerability stems from improper sequencing of operations within the driver's initialization logic, where the alarm feature bit clearing operation is executed before the necessary RTC device structure allocation has been completed.
The technical flaw manifests when the Linux kernel attempts to initialize the pl031 RTC driver on hardware platforms where no interrupt line is available. Under normal circumstances, the driver should gracefully handle the absence of interrupt capabilities by disabling the alarm feature. However, the implementation contains a logical error where the RTC_FEATURE_ALARM bit is cleared before the ldata->rtc device structure is properly allocated and initialized. This sequence flaw results in a null pointer dereference when the system attempts to access the uninitialized RTC device structure, causing the kernel to crash or become unstable.
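The ordering problem described above, reduced to a userspace model: the added example below is not the kernel's pl031 driver code. It keeps the names the advisory uses (ldata->rtc, RTC_FEATURE_ALARM) but the struct layout, the feature-bit position, the allocation stand-in and the irq value 5 are assumptions constructed for illustration. Where the kernel would dereference NULL and oops, the model returns a sentinel so the two probe orderings can be compared without crashing.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of the pl031 probe ordering bug described in this advisory.
 * Names mirror the advisory (ldata->rtc, RTC_FEATURE_ALARM); the structs,
 * bit layout and helper functions are assumptions of this example, not the
 * kernel's own definitions. */

#define RTC_FEATURE_ALARM 0UL

struct rtc_device {
    unsigned long features;            /* bitmap of supported features */
};

struct pl031_local {
    struct rtc_device *rtc;            /* NULL until allocated by probe */
    int irq;                           /* 0 models "no interrupt line" */
};

enum probe_result {
    PROBE_OK = 0,
    PROBE_NULL_DEREF = -1,             /* the kernel would oops here */
    PROBE_ENOMEM = -2,
};

/* Stand-in for the kernel's RTC device allocation: a fresh device advertises
 * alarm support until the driver clears the bit. */
static struct rtc_device *model_rtc_allocate(void)
{
    struct rtc_device *rtc = calloc(1, sizeof(*rtc));
    if (rtc)
        rtc->features = 1UL << RTC_FEATURE_ALARM;
    return rtc;
}

/* In the kernel, clearing a bit in ldata->rtc->features while ldata->rtc is
 * still NULL dereferences NULL. The model reports that instead of crashing
 * so the ordering bug is observable. */
static int clear_alarm_feature(struct pl031_local *ldata)
{
    if (!ldata->rtc)
        return PROBE_NULL_DEREF;
    ldata->rtc->features &= ~(1UL << RTC_FEATURE_ALARM);
    return PROBE_OK;
}

/* Vulnerable ordering: the alarm bit is cleared before ldata->rtc exists. */
static int probe_before_fix(struct pl031_local *ldata)
{
    if (!ldata->irq) {
        int rc = clear_alarm_feature(ldata);
        if (rc)
            return rc;
    }
    ldata->rtc = model_rtc_allocate();
    return ldata->rtc ? PROBE_OK : PROBE_ENOMEM;
}

/* Fixed ordering: allocate first, then clear the bit on the live object. */
static int probe_after_fix(struct pl031_local *ldata)
{
    ldata->rtc = model_rtc_allocate();
    if (!ldata->rtc)
        return PROBE_ENOMEM;
    if (!ldata->irq)
        return clear_alarm_feature(ldata);
    return PROBE_OK;
}

/* Runs one probe variant (fixed=0 vulnerable, fixed=1 corrected) on a fresh
 * device with the given irq number and returns the probe result. */
int run_probe(int fixed, int irq)
{
    struct pl031_local ldata = { .rtc = NULL, .irq = irq };
    int rc = fixed ? probe_after_fix(&ldata) : probe_before_fix(&ldata);
    free(ldata.rtc);
    return rc;
}

/* Returns 1 if the alarm feature is still advertised after the fixed probe,
 * 0 if it was cleared (no irq) or the probe failed. */
int alarm_after_fixed_probe(int irq)
{
    struct pl031_local ldata = { .rtc = NULL, .irq = irq };
    int advertised = 0;
    if (probe_after_fix(&ldata) == PROBE_OK)
        advertised = (int)((ldata.rtc->features >> RTC_FEATURE_ALARM) & 1UL);
    free(ldata.rtc);
    return advertised;
}

int main(void)
{
    /* irq 5 is a constructed value standing in for a wired interrupt line */
    printf("before fix, no irq : %d (-1 = NULL dereference)\n", run_probe(0, 0));
    printf("before fix, irq 5  : %d\n", run_probe(0, 5));
    printf("after fix,  no irq : %d, alarm advertised=%d\n",
           run_probe(1, 0), alarm_after_fixed_probe(0));
    printf("after fix,  irq 5  : %d, alarm advertised=%d\n",
           run_probe(1, 5), alarm_after_fixed_probe(5));
    return 0;
}
```

The vulnerable variant only fails on the no-irq path, which is why platforms with a wired interrupt line never hit the bug; the corrected variant succeeds on both paths and, with no irq, ends with the alarm feature cleared on a valid device rather than on a NULL pointer.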
The operational impact of this vulnerability extends beyond simple system instability, as it affects the reliability of embedded systems and server platforms that utilize ARM-based processors with PL031 RTC hardware. Systems running affected kernel versions may experience unexpected crashes during boot processes or runtime operations when the RTC subsystem is accessed, particularly in environments where interrupt handling is not available or properly configured. The vulnerability affects systems that rely on the pl031 RTC driver for timekeeping functionality, potentially leading to complete system failures or data loss in mission-critical applications.
This vulnerability aligns with CWE-476 which identifies null pointer dereference as a common security weakness in software implementations. The flaw demonstrates poor defensive programming practices where proper initialization order is not maintained, creating opportunities for system instability. From an ATT&CK perspective, this vulnerability could be leveraged in supply chain attacks or system compromise scenarios where adversaries seek to destabilize target environments through kernel-level exploits. The fix implemented addresses this by reordering the initialization sequence to ensure that the RTC device structure is allocated and properly initialized before any feature bits are cleared, preventing the null pointer access condition.
The mitigation strategy involves updating to kernel versions that contain the patched implementation, where the initialization sequence has been corrected to allocate the rtc device structure before clearing the alarm feature bit. System administrators should prioritize kernel updates, particularly in production environments where the pl031 RTC driver is actively used. Additional monitoring should be implemented to detect potential system crashes or instability patterns that may indicate exploitation attempts. Organizations should also consider implementing runtime checks for RTC subsystem integrity and maintain robust backup and recovery procedures to ensure system availability during patch deployment phases. The fix demonstrates the importance of proper initialization sequence management in kernel drivers and serves as a reminder of the critical nature of defensive programming practices in operating system components.