VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2022-50875


Description

In the Linux kernel, the following vulnerability has been resolved:

of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()

When kmalloc() fails to allocate memory in kasprintf(), fn_1 or fn_2 will be NULL, and strcmp() will cause a null pointer dereference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A null pointer dereference in the Linux kernel's Device Tree overlay functions can be triggered when kmalloc fails, leading to a crash.

Vulnerability Overview

CVE-2022-50875 is a null pointer dereference vulnerability in the Linux kernel's Device Tree (DT) overlay implementation. The bug resides in the functions find_dup_cset_node_entry() and find_dup_cset_prop(), which are used to detect duplicate node entries and properties when applying DT overlays. When kmalloc() fails to allocate memory during a kasprintf() call, the resulting string pointer (fn_1 or fn_2) is NULL. Subsequently, a call to strcmp() with a NULL pointer causes a null pointer dereference, leading to a kernel crash [1][2][3].

Exploitation and Impact

An attacker with the ability to trigger a memory allocation failure (e.g., by exhausting system memory) and then apply a crafted Device Tree overlay could exploit this vulnerability. The attack requires local access or the ability to load DT overlays, which typically requires root privileges or specific capabilities. Successful exploitation results in a denial of service (system crash) due to the null pointer dereference. There is no evidence of privilege escalation or remote exploitation [1][2][3].

Mitigation

The vulnerability has been patched in the Linux kernel stable releases. The fix involves adding a NULL check after kasprintf() and returning an appropriate error code if allocation fails, preventing the dereference. Users should update their kernel to a version containing the commit that addresses this issue [1][2][3].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
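The unchecked-allocation pattern and the NULL check described under Mitigation, as an added userspace model (not the kernel patch and not code from this advisory). The names `model_kasprintf`, `allocs_before_failure` and `paths_match_checked`, the sample paths, and the choice of `-ENOMEM` as the error code are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fault injection (constructed for this demo): how many model_kasprintf()
 * calls succeed before one fails; negative means never fail. */
static int allocs_before_failure = -1;

/* Userspace stand-in for kasprintf(): heap copy of the path, or NULL when
 * the (simulated or real) allocation fails. */
static char *model_kasprintf(const char *path)
{
    size_t len = strlen(path) + 1;
    char *s;

    if (allocs_before_failure == 0) {
        allocs_before_failure = -1;    /* fail once, then recover */
        return NULL;
    }
    if (allocs_before_failure > 0)
        allocs_before_failure--;
    s = malloc(len);
    if (s)
        memcpy(s, path, len);
    return s;
}

/* Returns 1 if the paths match, 0 if not, -ENOMEM if either string could
 * not be built. The vulnerable pattern passes fn_1 and fn_2 straight to
 * strcmp(), so a failed allocation dereferences NULL. */
static int paths_match_checked(const char *path_1, const char *path_2)
{
    char *fn_1 = model_kasprintf(path_1);
    char *fn_2 = model_kasprintf(path_2);
    int ret = -ENOMEM;

    if (fn_1 && fn_2)                  /* the NULL check */
        ret = !strcmp(fn_1, fn_2);
    free(fn_1);                        /* free(NULL) is a no-op */
    free(fn_2);
    return ret;
}

int main(void)
{
    allocs_before_failure = 1;         /* second allocation fails */
    printf("%d\n", paths_match_checked("/soc/uart@0", "/soc/uart@0"));
    return 0;
}
```

Setting `allocs_before_failure` to 0 or 1 exercises a failure of the first or second allocation, which is the path a fault-injection test of the real code would need to cover.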

Affected products: 1

Patches: 6


References: 6
