CVE-2022-50282
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-04
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 3.16.83 (inc) to 3.17 (exc) |
| linux | linux_kernel | From 4.4.224 (inc) to 4.5 (exc) |
| linux | linux_kernel | From 4.9.224 (inc) to 4.9.337 (exc) |
| linux | linux_kernel | From 4.12 (inc) to 4.14.303 (exc) |
| linux | linux_kernel | From 4.15 (inc) to 4.19.270 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.229 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.163 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.86 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.0.16 (exc) |
| linux | linux_kernel | From 6.1 (inc) to 6.1.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-908 | The product uses or accesses a resource that has not been initialized. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the Linux kernel's character device handling, specifically in the error handling of the function cdev_device_add(). When a fault injection test causes device_add() to return an error and the device's devt field is not set, the function cdev_add() is not called, so cdev_del() is also not called. This leads to improper handling of kobject references, causing warnings and potential instability because kobject_put() is called on an uninitialized kobject.
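The error path described above can be reproduced in a small userspace model. This is an added example, not kernel source and not code from this page: the structs and functions are simplified stand-ins that reuse kernel names, and it assumes the faulty cleanup calls cdev_del() whenever device_add() fails, while the corrected cleanup first checks that devt was set.

```c
/* Userspace model, not kernel code: every type and function is a simplified stand-in. */
#include <stdbool.h>
#include <stdio.h>

struct kobject { bool initialized; };
struct cdev    { struct kobject kobj; };
struct device  { unsigned int devt; };

static int uninit_puts;  /* puts that hit an uninitialized kobject */

static void kobject_put(struct kobject *k)
{
    if (!k->initialized)
        uninit_puts++;   /* the kernel emits its "not initialized" warning here */
}
static void cdev_init(struct cdev *c)    { c->kobj.initialized = true; }
static int  cdev_add(struct cdev *c)     { (void)c; return 0; }
static void cdev_del(struct cdev *c)     { kobject_put(&c->kobj); }
static int  device_add(struct device *d) { (void)d; return -12; } /* constructed fault: -ENOMEM */

/* check_devt=false models the faulty cleanup, check_devt=true the corrected one. */
static int cdev_device_add(struct cdev *c, struct device *d, bool check_devt)
{
    int rc = 0;
    if (d->devt && (rc = cdev_add(c)))
        return rc;
    rc = device_add(d);
    if (rc && (!check_devt || d->devt))
        cdev_del(c);     /* only valid when cdev_add() actually ran */
    return rc;
}

/* One failed registration; returns how many puts hit an uninitialized kobject. */
static int failed_registration(unsigned int devt, bool check_devt)
{
    struct cdev c = { { false } };
    struct device d = { devt };
    uninit_puts = 0;
    if (devt)
        cdev_init(&c);   /* constructed caller: no cdev setup without a devt */
    cdev_device_add(&c, &d, check_devt);
    return uninit_puts;
}

int main(void)
{
    printf("devt unset, faulty cleanup:    %d bad put(s)\n", failed_registration(0, false));
    printf("devt unset, corrected cleanup: %d bad put(s)\n", failed_registration(0, true));
    return 0;
}
```

Only the combination of an unset devt and a failing device_add() reaches the bad put, which is why the issue surfaces under fault injection rather than in normal operation.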
How can this vulnerability impact me?
This vulnerability can cause kernel warnings and potentially lead to system instability or crashes due to improper error handling in device registration. It may affect the reliability of the Linux kernel when dealing with character devices, especially under fault conditions, which could impact system stability and device functionality.