CVE-2022-49273

low-risk

Published 2025-02-26

In the Linux kernel, the following vulnerability has been resolved: rtc: pl031: fix rtc features null pointer dereference When there is no interrupt line, rtc alarm feature is disabled. The clearing of the alarm feature bit was being done prior to allocations of ldata->rtc device, resulting in a null pointer dereference. Clear RTC_FEATURE_ALARM after the rtc device is allocated.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (4)

Patch https://git.kernel.org/stable/c/1b915703964f7e636961df04c540261dc55c6c70

Patch https://git.kernel.org/stable/c/cd2722e411e8ab7e5ae41102f6925fa13dffdac5

Patch https://git.kernel.org/stable/c/d274ce4a3dfd0b9a292667535578359b865765cb

Patch https://git.kernel.org/stable/c/ea6af39f3da50c86367a71eb3cc674ade3ed244c

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal