CVE-2022-50276
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.0 (inc) to 5.4.229 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.163 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.86 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.0.16 (exc) |
| linux | linux_kernel | From 6.1 (inc) to 6.1.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's power supply subsystem. When the function kmalloc() fails to allocate memory in kasprintf(), the variable propname becomes NULL. Subsequently, strcmp() is called by of_get_property() with this NULL pointer, causing a null pointer dereference, which can lead to a kernel crash or instability. The fix involves returning an error (ENOMEM) if kasprintf() returns a NULL pointer to prevent this issue.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash or become unstable due to a null pointer dereference. This may lead to denial of service or system instability, affecting the availability and reliability of systems running vulnerable kernel versions.