CVE-2022-50075
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-17
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | 6.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's event probes (eprobes) system. When a symbol containing '@' is used with an eprobe, it causes a NULL pointer dereference crash. The issue arises because eprobes do not handle certain references (like immediate addresses, symbols, and the current task name) consistently with other probe types such as kprobes and uprobes. The fix makes eprobes handle these references in the same way as kprobes and uprobes, preventing the crash.
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference when using event probes with certain symbols. Such a crash can lead to system instability or downtime, potentially affecting system availability and reliability.