CVE-2022-49187

clk: Fix clk_hw_get_clk() when dev is NULL

Description

In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_hw_get_clk() when dev is NULL Any registered clk_core structure can have a NULL pointer in its dev field. While never actually documented, this is evidenced by the wide usage of clk_register and clk_hw_register with a NULL device pointer, and the fact that the core of_clk_hw_register() function also passes a NULL device pointer. A call to clk_hw_get_clk() on a clk_hw struct whose clk_core is in that case will result in a NULL pointer derefence when it calls dev_name() on that NULL device pointer. Add a test for this case and use NULL as the dev_id if the device pointer is NULL.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4be3e4c05d8dd1b83b75652cad88c9e752ec7054 patch
https://git.kernel.org/stable/c/d183f20cf5a7b546d4108e796b98210ceb317579 patch
https://git.kernel.org/stable/c/23f89fe005b105f0dcc55034c13eb89f9b570fac patch
https://git.kernel.org/stable/c/0c1b56df451716ba207bbf59f303473643eee4fd patch

Frequently Asked Questions

What is the severity of CVE-2022-49187?
CVE-2022-49187 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49187?
To fix CVE-2022-49187, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49187 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49187 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49187?
CVE-2022-49187 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.