{"uuid": "1eae9aa3-4697-42ca-8914-33d80bedfa08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-49285", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5434", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-49285\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: mma8452: use the correct logic to get mma8452_data\n\nThe original logic to get mma8452_data is wrong, the *dev point to\nthe device belong to iio_dev. we can't use this dev to find the\ncorrect i2c_client. The original logic happen to work because it\nfinally use dev->driver_data to get iio_dev. Here use the API\nto_i2c_client() is wrong and make reader confuse. To correct the\nlogic, it should be like this\n\n  struct mma8452_data *data = iio_priv(dev_get_drvdata(dev));\n\nBut after commit 8b7651f25962 (\"iio: iio_device_alloc(): Remove\nunnecessary self drvdata\"), the upper logic also can't work.\nWhen try to show the avialable scale in userspace, will meet kernel\ndump, kernel handle NULL pointer dereference.\n\nSo use dev_to_iio_dev() to correct the logic.\n\nDual fixes tags as the second reflects when the bug was exposed, whilst\nthe first reflects when the original bug was introduced.\n\ud83d\udccf Published: 2025-02-26T01:56:25.096Z\n\ud83d\udccf Modified: 2025-02-26T01:56:25.096Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/4c0bb583a4444cce224e8661090cbffc98e2fe07\n2. https://git.kernel.org/stable/c/d2d9ebdbff79d87d27652578e6d1638ad3b5f3bf\n3. https://git.kernel.org/stable/c/c87b7b12f48db86ac9909894f4dc0107d7df6375", "creation_timestamp": "2025-02-26T02:23:38.000000Z"}