CVE-2022-50322
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-04
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.16 (inc) to 6.0.17 (exc) |
| linux | linux_kernel | From 6.1 (inc) to 6.1.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a function prototype mismatch in the Linux kernel's msc313_rtc_probe() function. The issue arises because msc313_rtc_probe() was passing clk_disable_unprepare() directly as a callback to devm_add_action_or_reset(), but their function prototypes did not match. With Clang's kernel control flow integrity (kCFI) enabled, indirect call targets must match the expected function pointer prototype to prevent runtime failures such as kernel panics or thread termination. The fix involved refactoring the code to use devm_clk_get_enabled() instead, ensuring the function prototypes align and preventing these runtime failures.
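The mismatch described above, as an added userspace sketch (not the kernel's code and not from this page): `struct clk`, `run_action()`, the `DEVM_ACTION` macro and the `proto_ok` flag are assumed stand-ins that model kCFI's prototype check at an indirect call. The matching wrapper shown is the generic way to align prototypes; the fix described above used `devm_clk_get_enabled()` instead, which is not modelled here.

```c
#include <stdio.h>

/* Userspace stand-ins (assumptions) for the kernel objects named above. */
struct clk { int enabled; };

/* Same prototype as the kernel helper: takes struct clk *, not void *. */
static void clk_disable_unprepare(struct clk *clk) { clk->enabled = 0; }

/* devm actions are stored and invoked as void (*)(void *). */
typedef void (*devm_action_t)(void *);

struct devm_action { devm_action_t fn; int proto_ok; void *data; };

/* Record, from the callee's real type, whether it matches the call-site type.
 * This models the per-prototype type hash that kCFI compares. */
#define DEVM_ACTION(f, d) \
    { (devm_action_t)(f), _Generic(&(f), devm_action_t: 1, default: 0), (d) }

/* Model of the checked indirect call: -1 stands for the kCFI trap. */
static int run_action(const struct devm_action *a)
{
    if (!a->proto_ok)
        return -1;
    a->fn(a->data);
    return 0;
}

/* Mismatched: the helper itself is registered (C needs a cast to accept it). */
static int teardown_with_cast(struct clk *clk)
{
    struct devm_action a = DEVM_ACTION(clk_disable_unprepare, clk);
    return run_action(&a);
}

/* Matching: a wrapper with the exact callback prototype. */
static void clk_disable_action(void *data) { clk_disable_unprepare(data); }

static int teardown_with_wrapper(struct clk *clk)
{
    struct devm_action a = DEVM_ACTION(clk_disable_action, clk);
    return run_action(&a);
}

int main(void)
{
    struct clk c1 = { 1 }, c2 = { 1 };
    printf("cast:    %d\n", teardown_with_cast(&c1));
    printf("wrapper: %d\n", teardown_with_wrapper(&c2));
    return 0;
}
```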
How can this vulnerability impact me?
If this vulnerability is triggered, it can cause runtime failures in the Linux kernel, such as kernel panics or threads being killed. This can lead to system instability, crashes, or denial of service, impacting the reliability and availability of systems running the affected kernel version.