CVE-2022-49848 in Linux
Summary
by MITRE • 05/01/2025
In the Linux kernel, the following vulnerability has been resolved:
phy: qcom-qmp-combo: fix NULL-deref on runtime resume
Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS_USB region") started treating the PCS_USB registers as potentially separate from the PCS registers but used the wrong base when no PCS_USB offset has been provided.
Fix the PCS_USB base used at runtime resume to prevent dereferencing a NULL pointer on platforms that do not provide a PCS_USB offset (e.g. SC7180).
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/01/2025
The vulnerability CVE-2022-49848 represents a critical null pointer dereference issue within the Linux kernel's phy subsystem, specifically affecting the qcom-qmp-combo driver implementation. This flaw manifests during runtime resume operations when the system attempts to access PCS_USB registers that have not been properly initialized or configured. The vulnerability stems from a design change introduced in commit fc64623637da which aimed to support separate PCS_USB regions but failed to account for platforms where PCS_USB offsets are not provided, particularly affecting Qualcomm SC7180-based systems. The issue demonstrates a fundamental failure in resource management and pointer validation within the device driver's runtime handling logic.
The technical implementation flaw occurs when the qcom-qmp-combo driver processes runtime resume operations on platforms lacking PCS_USB offset configuration. During this process, the driver attempts to access a NULL pointer reference when trying to dereference PCS_USB registers that were never properly mapped or initialized. This null pointer dereference represents a classic software error pattern that can lead to system crashes, kernel oops, and potential denial of service conditions. The vulnerability specifically targets the runtime resume path where device state restoration occurs, making it particularly dangerous as it can compromise system stability during normal operation cycles. The flaw operates at the kernel level, directly impacting the physical layer (phy) subsystem's ability to properly manage Qualcomm QMP combo phy controllers.
The operational impact of this vulnerability extends beyond simple system crashes to potentially compromise entire device functionality and security posture. When triggered during runtime resume operations, the null pointer dereference can cause the kernel to panic and terminate execution, leading to complete system hangs or forced reboots. This is particularly concerning for embedded systems and mobile devices that rely heavily on proper phy controller management for connectivity operations. The vulnerability affects systems using Qualcomm SC7180 and similar platforms where the PCS_USB offset configuration is absent, creating a persistent risk for device stability. From an attack surface perspective, this vulnerability could be exploited by malicious actors to cause denial of service conditions or potentially escalate privileges through kernel exploitation techniques.
Mitigation strategies for CVE-2022-49848 require immediate kernel updates to incorporate the fixed commit that properly handles the PCS_USB base address during runtime resume operations. System administrators should prioritize applying the relevant kernel patches that correct the pointer handling logic and ensure proper initialization of PCS_USB registers when no offset is provided. The fix implements proper null checking and conditional address assignment to prevent the dereference of uninitialized pointers during resume operations. Organizations should also conduct thorough testing of affected platforms to ensure the patch resolves the issue without introducing regressions in phy controller functionality. This vulnerability aligns with CWE-476 which specifically addresses null pointer dereference conditions, and could potentially map to ATT&CK technique T1068 related to local privilege escalation through kernel vulnerabilities, though the primary impact remains system stability and availability rather than direct privilege compromise.