CVE-2022-50047

Publication date: 2025-06-18

Last updated on: 2025-11-13

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: dsa: mv88e6060: prevent crash on an unused port

If the port isn't a CPU port nor a user port, 'cpu_dp' is a null pointer and a crash happened on dereferencing it in mv88e6060_setup_port():

[ 9.575872] Unable to handle kernel NULL pointer dereference at virtual address 00000014
...
[ 9.942216] mv88e6060_setup from dsa_register_switch+0x814/0xe84
[ 9.948616] dsa_register_switch from mdio_probe+0x2c/0x54
[ 9.954433] mdio_probe from really_probe.part.0+0x98/0x2a0
[ 9.960375] really_probe.part.0 from driver_probe_device+0x30/0x10c
[ 9.967029] driver_probe_device from __device_attach_driver+0xb8/0x13c
[ 9.973946] __device_attach_driver from bus_for_each_drv+0x90/0xe0
[ 9.980509] bus_for_each_drv from __device_attach+0x110/0x184
[ 9.986632] __device_attach from bus_probe_device+0x8c/0x94
[ 9.992577] bus_probe_device from deferred_probe_work_func+0x78/0xa8
[ 9.999311] deferred_probe_work_func from process_one_work+0x290/0x73c
[ 10.006292] process_one_work from worker_thread+0x30/0x4b8
[ 10.012155] worker_thread from kthread+0xd4/0x10c
[ 10.017238] kthread from ret_from_fork+0x14/0x3c

Meta Information
Published: 2025-06-18
Last Modified: 2025-11-13
Generated: 2026-05-07
AI Q&A: 2025-06-18
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Showing 5 associated CPEs
Vendor   Product        Version / Range
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)
linux    linux_kernel   6.0
linux    linux_kernel   From 5.15.160 (inc) to 5.16 (inc)
CWE ID    Description
CWE-476   The product dereferences a pointer that it expects to be valid but is NULL.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's mv88e6060 driver for network switches. If a port is neither a CPU port nor a user port, a pointer named 'cpu_dp' is null. The code attempts to dereference this null pointer in the function mv88e6060_setup_port(), causing the kernel to crash due to a NULL pointer dereference.


How can this vulnerability impact me?

The impact of this vulnerability is a kernel crash, which can lead to a denial of service on the affected system. This crash occurs when the driver attempts to set up an unused port incorrectly, potentially causing system instability or downtime.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking your system logs for kernel crash messages related to mv88e6060_setup_port or NULL pointer dereferences. Specifically, look for messages similar to: '[ 9.575872] Unable to handle kernel NULL pointer dereference at virtual address 00000014' and stack traces involving mv88e6060_setup from dsa_register_switch. Using commands like 'dmesg | grep mv88e6060' or 'journalctl -k | grep mv88e6060' can help identify if the crash has occurred.
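
A plain grep for mv88e6060 also matches ordinary driver messages, so the check below counts only NULL-pointer oopses whose backtrace names mv88e6060_setup. It is an added example, not part of the advisory or the kernel tree; the function names, the WINDOW setting and the sample log lines other than the quoted oops header and frames are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. WINDOW (backtrace lines examined
# after each oops header) is an assumed tunable, default 40.

# Count NULL-pointer oopses whose backtrace names mv88e6060_setup.
# Reads kernel log text on stdin and prints the count.
count_mv88e6060_oops() {
    awk -v window="${WINDOW:-40}" '
        /Unable to handle kernel NULL pointer dereference/ { left = window; hit = 0; next }
        left > 0 {
            left--
            if (!hit && /mv88e6060_setup/) { hit = 1; n++ }
        }
        END { print n + 0 }
    '
}

# Constructed sample: an informational driver line, an unrelated oops,
# then the oops header and first frames quoted in the advisory.
sample_crash_log() {
    cat <<'EOF'
[ 9.100000] mv88e6060 constructed-bus:10: constructed informational line
[ 9.200000] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 9.200100] constructed_other_func from constructed_caller+0x10/0x20
[ 9.575872] Unable to handle kernel NULL pointer dereference at virtual address 00000014
[ 9.942216] mv88e6060_setup from dsa_register_switch+0x814/0xe84
[ 9.948616] dsa_register_switch from mdio_probe+0x2c/0x54
EOF
}

# Constructed sample with no mv88e6060 crash: grep alone would still match line 1.
sample_benign_log() {
    cat <<'EOF'
[ 9.100000] mv88e6060 constructed-bus:10: constructed informational line
[ 9.200000] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 9.200100] constructed_other_func from constructed_caller+0x10/0x20
EOF
}

# Live use: dmesg | count_mv88e6060_oops   or   journalctl -k | count_mv88e6060_oops
```

A non-zero count means the log contains the crash signature from the description; zero means no matching oops was logged, which does not by itself show the kernel is patched.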


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where this vulnerability is fixed. Since the issue is a kernel crash caused by dereferencing a null pointer in mv88e6060_setup_port, applying the vendor's patch or upgrading to a kernel version that includes the fix will prevent the crash. Until then, avoid using configurations that involve unused ports on the mv88e6060 switch driver.

