CVE-2022-50361
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-12-09
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.17 (inc) to 6.1.16 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.2.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's wilc1000 Wi-Fi driver exists because a call to unregister_netdev() is missing from the error handling path of wilc_netdev_ifc_init(). When alloc_ordered_workqueue() fails, the network device is not properly unregistered, leading to a kernel BUG and an invalid opcode error. The fix adds the missing unregister_netdev() call so that cleanup is done properly during error handling.
How can this vulnerability impact me?
This vulnerability can cause a kernel crash (kernel BUG) due to improper error handling in the wifi driver, potentially leading to system instability or denial of service on affected Linux systems using the wilc1000 driver.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is caused by a missing unregister_netdev() call in the error handling path of the wilc1000 driver initialization. The immediate mitigation is to update the Linux kernel to a version in which the issue is fixed; the fix adds the missing call to that error path. No specific workaround commands or steps are provided.
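To decide whether a host needs the update, the affected ranges from the table above can be checked against the running kernel release. The script below is an added example, not part of the advisory or the kernel project; the function names are hypothetical, the /sys/module/wilc1000* path used to detect a loaded driver is an assumption, and the comparison uses upstream version numbers only, so a distribution kernel with a backported fix may still be flagged.

```shell
#!/bin/sh
# Added example: flag upstream kernel releases inside the affected ranges
# listed on this page for CVE-2022-50361 (5.17 <= v < 6.1.16, 6.2 <= v < 6.2.3).

# Convert "6.1.15-generic" to a comparable integer: major*1000000 + minor*1000 + patch.
ver_to_int() {
    v=${1%%[!0-9.]*}                          # drop suffixes such as "-generic" or "-rc1"
    maj=${v%%.*}; rest=${v#*.}
    if [ "$rest" = "$v" ]; then rest=0; fi    # no minor component given
    min=${rest%%.*}; pat=${rest#*.}
    if [ "$pat" = "$rest" ]; then pat=0; fi   # no patch component given
    pat=${pat%%.*}
    echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# Exit status 0 when the release falls inside one of the two affected ranges.
in_affected_range() {
    n=$(ver_to_int "$1")
    { [ "$n" -ge 5017000 ] && [ "$n" -lt 6001016 ]; } ||
    { [ "$n" -ge 6002000 ] && [ "$n" -lt 6002003 ]; }
}

# Exit status 0 when a wilc1000 module is loaded (module path is an assumption).
wilc1000_present() {
    for m in /sys/module/wilc1000*; do
        if [ -e "$m" ]; then return 0; fi
    done
    return 1
}

# Report on the given release, or on the running kernel when no argument is passed.
check_host() {
    rel=${1:-$(uname -r)}
    if ! in_affected_range "$rel"; then
        echo "$rel: outside the affected upstream ranges"
    elif wilc1000_present; then
        echo "$rel: in affected range and wilc1000 is loaded; update the kernel"
    else
        echo "$rel: in affected range, wilc1000 not loaded"
    fi
}

check_host
```

A host where the driver is built in rather than loaded as a module will not show up under the assumed module path, so treat the "not loaded" result as a hint rather than proof.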