CVE-2022-49962
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-14
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.0 |
| linux | linux_kernel | 6.0 |
| linux | linux_kernel | 6.0 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a null pointer dereference in the Linux kernel's xhci platform driver. It occurs during the removal process when the driver tries to remove and put both main and shared host controller drivers (hcds) even if only the main hcd exists (i.e., only one root hub). This leads to a null pointer dereference during system reboot for affected controllers. The fix involves checking that the shared_hcd exists before attempting to remove it.
How can this vulnerability impact me? :
This vulnerability can cause a system crash or reboot failure due to a null pointer dereference in the xhci platform driver when removing USB controllers with only one root hub. This may lead to system instability or denial of service during reboot.