NULL Pointer Dereference Affecting kernel-default-livepatch package, versions <5.14.21-150400.24.158.1
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about NULL Pointer Dereference vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-SLES154-KERNELDEFAULTLIVEPATCH-9531181
- published27 Mar 2025
- disclosed26 Mar 2025
Introduced: 26 Mar 2025
NewCVE-2022-49299 (opens in a new tab)How to fix?
Upgrade SLES:15.4 kernel-default-livepatch to version 5.14.21-150400.24.158.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-default-livepatch package and not the kernel-default-livepatch package as distributed by SLES.
See How to fix? for SLES:15.4 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc2: gadget: don't reset gadget's driver->bus
UDC driver should not touch gadget's driver internals, especially it should not reset driver->bus. This wasn't harmful so far, but since commit fc274c1e9973 ("USB: gadget: Add a new bus for gadgets") gadget subsystem got it's own bus and messing with ->bus triggers the following NULL pointer dereference:
dwc2 12480000.hsotg: bound driver g_ether 8<--- cut here --- Unable to handle kernel NULL pointer dereference at virtual address 00000000 [00000000] *pgd=00000000 Internal error: Oops: 5 [#1] SMP ARM Modules linked in: ... CPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862 Hardware name: Samsung Exynos (Flattened Device Tree) PC is at module_add_driver+0x44/0xe8 LR is at sysfs_do_create_link_sd+0x84/0xe0 ... Process modprobe (pid: 620, stack limit = 0x(ptrval)) ... module_add_driver from bus_add_driver+0xf4/0x1e4 bus_add_driver from driver_register+0x78/0x10c driver_register from usb_gadget_register_driver_owner+0x40/0xb4 usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0 do_one_initcall from do_init_module+0x44/0x1c8 do_init_module from load_module+0x19b8/0x1b9c load_module from sys_finit_module+0xdc/0xfc sys_finit_module from ret_fast_syscall+0x0/0x54 Exception stack(0xf1771fa8 to 0xf1771ff0) ... dwc2 12480000.hsotg: new device is high-speed ---[ end trace 0000000000000000 ]---
Fix this by removing driver->bus entry reset.
References
- https://www.suse.com/security/cve/CVE-2022-49299.html
- https://bugzilla.suse.com/1238184
- https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c
- https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a
- https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8
- https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316
- https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd
- https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b
- https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac
- https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa
- https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0