CVE-2022-50165
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-17
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-908 | The product uses or accesses a resource that has not been initialized. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's wifi driver wil6210, specifically in the debugfs interface. It involves the use of an uninitialized variable 'rc' in the function wil_write_file_wmi(). A code change replaced a call to simple_write_to_buffer() with memdup_user(), but did not update the return value accordingly, leading to a warning about using an uninitialized variable. The fix removes the 'rc' variable and returns the passed-in length if memdup_user() succeeds.
How can this vulnerability impact me? :
The vulnerability causes a warning due to the use of an uninitialized variable in the kernel code, which could potentially lead to undefined behavior in the affected function. However, the description does not specify any direct security impact such as privilege escalation or denial of service.