CVE-2022-49512: mtd: rawnand: denali: Use managed device resources
In the Linux kernel, the following vulnerability has been resolved:
mtd: rawnand: denali: Use managed device resources
All of the resources used by this driver has managed interfaces, so use
them. Otherwise we will get the following splat:
[ 4.472703] denali-nand-pci 0000:00:05.0: timeout while waiting for irq 0x1000
[ 4.474071] denali-nand-pci: probe of 0000:00:05.0 failed with error -5
[ 4.473538] nand: No NAND device found
[ 4.474068] BUG: unable to handle page fault for address: ffffc90005000410
[ 4.475169] #PF: supervisor write access in kernel mode
[ 4.475579] #PF: error_code(0x0002) - not-present page
[ 4.478362] RIP: 0010:iowrite32+0x9/0x50
[ 4.486068] Call Trace:
[ 4.486269] <IRQ>
[ 4.486443] denali_isr+0x15b/0x300 [denali]
[ 4.486788] ? denali_direct_write+0x50/0x50 [denali]
[ 4.487189] __handle_irq_event_percpu+0x161/0x3b0
[ 4.487571] handle_irq_event+0x7d/0x1b0
[ 4.487884] handle_fasteoi_irq+0x2b0/0x770
[ 4.488219] __common_interrupt+0xc8/0x1b0
[ 4.488549] common_interrupt+0x9a/0xc0
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue affects systems using the Denali raw NAND driver. A failed device probe can leave resources unmanaged, allowing an interrupt handler to touch invalid memory and trigger a kernel fault. The business risk is mainly device instability or denial of service on specific hardware, not broad internet-facing compromise.
Executive priority
Prioritize assessment for appliances and embedded Linux systems that rely on NAND storage. For general enterprise servers without Denali NAND hardware, urgency is lower based on current evidence. Patch through normal kernel vendor channels once compatibility is confirmed.
Technical view
The Denali rawnand driver did not use managed resource interfaces consistently. On probe failure, the source shows an IRQ path reaching denali_isr and iowrite32 after no NAND device was found, causing a supervisor-mode page fault. The upstream resolution converts driver resources to managed device resources.
Likely exposure
Exposure appears limited to Linux systems with Denali raw NAND hardware or the denali NAND driver enabled. Embedded, appliance, industrial, or storage-oriented Linux deployments are more plausible targets than typical cloud workloads. The source bundle does not identify affected distributions or vendor products beyond Linux.
Exploitation context
The bundle does not report active exploitation, public exploit use, or KEV listing. The evidence describes a kernel fault during device probe and interrupt handling. Treat it as hardware- and driver-specific until vendor advisories or fleet telemetry show broader impact.
Researcher notes
Key unknowns are exploitability beyond crash conditions, exact affected downstream kernels, and whether device presence is required. The provided affected version data is sparse and no CVSS or CWE is supplied. Validate by commit inclusion and hardware reachability, not CVE title alone.
Mitigation direction
Check vendor kernel advisories for CVE-2022-49512 coverage.
Update to a kernel containing the referenced stable commits.
Prioritize systems with Denali NAND hardware or driver support enabled.
Monitor vendor guidance before applying workaround changes.
Avoid unsupported driver disabling on production appliances.
Validation and detection
Inventory Linux kernel versions across affected device classes.
Identify systems with Denali raw NAND driver support enabled.
Review boot logs for denali-nand-pci probe failures or kernel faults.
Confirm vendor kernels include one referenced stable fix.
Track regression testing for NAND-backed boot or storage paths.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-49512 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
6Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Feb 26, 2025, 02:13 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.