CVE-2022-49944
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-14
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.0 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a regression in the Linux kernel caused by a recent commit that introduced a NULL pointer dereference when reading the power supply sysfs. Specifically, a stale sysfs entry that should have been removed remains with NULL operations, leading to a NULL dereference. The error handling changes in the commit caused the power device to remain unreleased, which can cause system instability or crashes. The issue was resolved by reverting the problematic commit.
How can this vulnerability impact me?
This vulnerability can cause system instability or crashes due to a NULL pointer dereference in the Linux kernel's power supply sysfs interface. It may lead to unreleased power devices, potentially affecting system power management and reliability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is addressed by reverting the commit that introduced the regression (commit 87d0e2f41b8c). Immediate mitigation involves applying the patch that reverts this commit to your Linux kernel, which removes the stale sysfs entry causing the NULL dereference. Further code improvements may be made later, but the revert is the current fix.