CVE-2022-49494 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe()

It will cause null-ptr-deref when using 'res', if platform_get_resource() returns NULL, so move using 'res' after devm_ioremap_resource() that will check it to avoid null-ptr-deref. And use devm_platform_get_and_ioremap_resource() to simplify code.


Analysis

by VulDB Data Team • 02/26/2025

The vulnerability identified as CVE-2022-49494 resides within the Linux kernel's MTD (Memory Technology Device) subsystem, specifically affecting the Cadence NAND controller driver implementation. This issue manifests as a potential null pointer dereference that occurs during device tree probing operations for NAND flash memory controllers. The flaw is particularly significant because it affects the kernel's ability to properly initialize and manage NAND flash devices, which are commonly used in embedded systems, storage devices, and various hardware platforms where reliable memory management is critical for system stability and security.

The technical root cause of this vulnerability stems from improper resource handling within the cadence_nand_dt_probe() function, which is responsible for probing and initializing Cadence NAND controllers using device tree configuration data. When platform_get_resource() returns a NULL pointer, indicating that the required hardware resource cannot be located or accessed, the subsequent code dereferences this NULL pointer through the 'res' variable before any validation occurs. This violates fundamental safe programming practices and creates a condition where the kernel may attempt to access memory at address zero or an invalid location, leading to system crashes or potentially exploitable conditions that could allow malicious actors to disrupt system operations.

The operational impact of this vulnerability extends beyond simple system instability, as it represents a potential denial of service condition that could affect embedded systems, servers, and devices relying on NAND flash storage for critical operations. The flaw particularly affects systems where device tree configurations are used to describe hardware resources, which is common in modern embedded Linux deployments including automotive systems, network equipment, and IoT devices. When exploited, this null pointer dereference could cause kernel panics, system crashes, or even enable privilege escalation scenarios depending on the specific system configuration and attack surface. The vulnerability affects the kernel's ability to properly enumerate and initialize NAND flash devices, potentially leading to complete system unavailability or data corruption scenarios.

Security mitigations for this vulnerability primarily involve applying the kernel patch that restructures the resource handling logic to ensure proper validation before dereferencing pointers. The recommended fix implements a two-step approach where device resources are first obtained and then immediately mapped using the devm_platform_get_and_ioremap_resource() helper function, which performs the necessary NULL checks internally. This approach aligns with the principle of defensive programming and addresses the weakness class CWE-476 (NULL Pointer Dereference). The solution also addresses ATT&CK technique T1490 by preventing system instability and denial of service conditions that could be exploited by attackers. Organizations should prioritize applying kernel updates that include this fix, particularly in embedded systems and production environments where NAND flash devices are utilized. The fix demonstrates proper resource management practices and follows Linux kernel development best practices for memory safety and device initialization procedures, reducing the attack surface and improving overall system reliability in embedded and enterprise deployments.

Responsible

Linux

Reservation

02/26/2025

Disclosure

02/26/2025

Moderation

accepted

CPE

ready

EPSS

0.00246

KEV

no

Activities

very low
