CVE-2022-48749: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48749 affects the Linux kernel's DRM (Direct Rendering Manager) MSM DPU driver. The vulnerability was discovered in the dpusetupdspp_pcc function where an invalid parameter check could lead to a NULL pointer dereference. The issue affects Linux kernel versions from 5.8 through 5.10.96, 5.11 through 5.15.19, 5.16 through 5.16.5, and 5.17-rc1 (NVD).

The vulnerability exists in the dpusetupdspp_pcc function within the DRM MSM DPU driver. The function performed a check on the 'ctx' input parameter after it was already used, which could lead to a NULL pointer dereference. The issue was assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-476 (NULL Pointer Dereference) (NVD, Kernel Patch).

The vulnerability could lead to a system crash through a NULL pointer dereference, potentially causing a denial of service condition. The impact is limited to local attacks and requires low privileges to execute (NVD).

The vulnerability has been fixed by initializing the 'base' variable after the sanity check of the 'ctx' parameter. The fix was implemented in multiple kernel versions through patch 170b22234d5495f5e0844246e23f004639ee89ba. Users should update to kernel versions 5.10.96 or later, 5.15.19 or later, or 5.16.5 or later to receive the fix (Kernel Patch).