
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-49285 affects the Linux kernel's Industrial I/O (IIO) subsystem, specifically the MMA8452 accelerometer driver. The vulnerability was discovered in the logic used to obtain mma8452_data, where incorrect device pointer handling could lead to a NULL pointer dereference. The issue was disclosed and patched in February 2022 (Kernel Git).
The vulnerability stems from incorrect logic in the mma8452_show_scale_avail function within the MMA8452 accelerometer driver. The original code used to_i2c_client(dev) to find the i2c_client, which was wrong because the dev pointer belonged to the iio_dev. This initially worked because dev->driver_data was then used to get the iio_dev, but it became a problem after commit 8b7651f25962 ("iio: iio_device_alloc(): Remove unnecessary self drvdata"), leading to a NULL pointer dereference when attempting to show available scales in userspace (Kernel Git).
When exploited, this vulnerability could cause a kernel crash through NULL pointer dereference when attempting to show available scales in userspace. This could lead to a denial of service condition on affected systems (Kernel Git).
The issue has been fixed by correcting the logic to properly obtain the mma8452_data structure. The fix involves using dev_to_iio_dev() to get the correct device pointer. The patch has been merged into the Linux kernel mainline and stable trees (Kernel Git).
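The pointer mix-up described above can be reproduced in a small userspace model. This is an added example, not kernel source: the struct layouts are simplified assumptions, and lookup_old, lookup_fixed and lookup_works are hypothetical names. The old lookup returns NULL at the point where the kernel would dereference a NULL pointer.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model of the kernel structures; layouts are simplified assumptions. */
struct device { void *driver_data; };
struct i2c_client { unsigned short addr; struct device dev; };
struct iio_dev { int id; struct device dev; void *priv; };
struct mma8452_data { int shift; };   /* stands in for the driver's private state */

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define to_i2c_client(d)  container_of(d, struct i2c_client, dev)
#define dev_to_iio_dev(d) container_of(d, struct iio_dev, dev)

static void *dev_get_drvdata(struct device *dev) { return dev->driver_data; }
static void *i2c_get_clientdata(struct i2c_client *c) { return dev_get_drvdata(&c->dev); }
static void *iio_priv(struct iio_dev *indio_dev) { return indio_dev->priv; }

/* Pre-fix lookup: treats the IIO device's struct device as an i2c_client's, so it
 * only reads dev->driver_data and relies on that pointing back at the iio_dev. */
static struct mma8452_data *lookup_old(struct device *dev)
{
	struct iio_dev *indio_dev = i2c_get_clientdata(to_i2c_client(dev));
	return indio_dev ? iio_priv(indio_dev) : NULL;   /* kernel: NULL dereference */
}

/* Post-fix lookup: derives the iio_dev from the embedded struct device. */
static struct mma8452_data *lookup_fixed(struct device *dev)
{
	return iio_priv(dev_to_iio_dev(dev));
}

/* self_drvdata models iio_device_alloc() before (1) and after (0) commit 8b7651f25962. */
static int lookup_works(int fixed, int self_drvdata)
{
	struct mma8452_data data = { .shift = 12 };
	struct iio_dev indio_dev = { .id = 0, .priv = &data };
	indio_dev.dev.driver_data = self_drvdata ? &indio_dev : NULL;
	struct device *dev = &indio_dev.dev;
	return (fixed ? lookup_fixed(dev) : lookup_old(dev)) == &data;
}

int main(void)
{
	printf("old lookup, self drvdata set:       %d\n", lookup_works(0, 1));
	printf("old lookup, self drvdata removed:   %d\n", lookup_works(0, 0));
	printf("fixed lookup, self drvdata removed: %d\n", lookup_works(1, 0));
	return 0;
}
```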
Source: This report was generated using AI