CVE-2022-49323: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49323 is a vulnerability in the Linux kernel affecting the ARM SMMU (System Memory Management Unit) driver. The issue was discovered in the armsmmudevice_probe() function where a potential null pointer dereference could occur. This vulnerability affects Linux kernel versions from 5.11 through 5.18.4, with the issue being publicly disclosed and patched in February 2025 (NVD).

The vulnerability stems from improper handling of resource allocation in the ARM SMMU driver. Specifically, when platformgetresource() returns NULL, attempting to access 'res->start' could trigger a null pointer dereference. The issue occurs in the armsmmudevice_probe() function within the iommu/arm-smmu subsystem. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and is classified as CWE-476 (NULL Pointer Dereference) (NVD).

If exploited, this vulnerability could lead to a system crash due to the null pointer dereference, potentially causing a denial of service condition. The impact is limited to availability with no direct impact on confidentiality or integrity of the system (NVD).

The vulnerability has been fixed by modifying the code to use devmplatformgetandioremapresource() instead of separate platformgetresource() and devmioremap_resource() calls. The fix moves the 'res' usage after proper validation to prevent the null pointer dereference. Users should upgrade to kernel versions 5.18.4, 5.17.15, 5.15.47, or 5.10.122 or later which contain the fix (Kernel Patch).