CVE-2022-49848 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-49848 PUBLISHED CVSS 5.5 MEDIUM

Reported by Linux · Published May 1, 2025

In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-combo: fix NULL-deref on runtime resume Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS_USB region") started treating the PCS_USB registers as potentially separate from the PCS registers but used the wrong base when no PCS_USB offset has been provided. Fix the PCS_USB base used at runtime resume to prevent dereferencing a NULL pointer on platforms that do not provide a PCS_USB offset (e.g. SC7180).

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Linux	Linux	fc64623637da5e964566628bc0e660e93dc7a395, fc64623637da5e964566628bc0e660e93dc7a395
Linux	Linux	6.0, 0, 6.0.9
linux	linux_kernel	6.0, 6.0
Linux	Linux	6.0, 0, fc64623637da5e964566628bc0e660e93dc7a395

Timeline

May 1, 2025 CVE Published
May 2, 2025 EPSS Score
May 13, 2025 EPSS Score
May 25, 2025 EPSS Score
Jun 5, 2025 EPSS Score
Jun 16, 2025 EPSS Score
Jun 27, 2025 EPSS Score
Jul 9, 2025 EPSS Score
Jul 20, 2025 EPSS Score
Jul 31, 2025 EPSS Score
Aug 11, 2025 EPSS Score
Aug 23, 2025 EPSS Score

References

Open in Interactive Console →