VDB
CVE-2022-49848
CVE-2022-49848
PUBLISHED
CVSS 5.5 MEDIUM
Reported by Linux · Published May 1, 2025
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-combo: fix NULL-deref on runtime resume Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS_USB region") started treating the PCS_USB registers as potentially separate from the PCS registers but used the wrong base when no PCS_USB offset has been provided. Fix the PCS_USB base used at runtime resume to prevent dereferencing a NULL pointer on platforms that do not provide a PCS_USB offset (e.g. SC7180).
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | fc64623637da5e964566628bc0e660e93dc7a395, fc64623637da5e964566628bc0e660e93dc7a395 |
| Linux | Linux | 6.0, 0, 6.0.9 |
| linux | linux_kernel | 6.0, 6.0, 6.0 |
| Linux | Linux | fc64623637da5e964566628bc0e660e93dc7a395, 6.0, 6.1 |
Timeline
- May 1, 2025 CVE Published
- May 2, 2025 EPSS Score
- May 14, 2025 EPSS Score
- May 26, 2025 EPSS Score
- Jun 7, 2025 EPSS Score
- Jun 18, 2025 EPSS Score
- Jun 30, 2025 EPSS Score
- Jul 12, 2025 EPSS Score
- Jul 24, 2025 EPSS Score
- Aug 5, 2025 EPSS Score
- Aug 17, 2025 EPSS Score
- Aug 29, 2025 EPSS Score