CVE-2022-50364
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-12-10
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 4.3 (inc) to 5.10.163 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.86 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.0.16 (exc) |
| linux | linux_kernel | From 6.1 (inc) to 6.1.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's i2c mux reg driver where the function platform_get_resource() may return NULL. If this happens, the subsequent call to resource_size() causes a null pointer dereference, leading to a potential crash or instability. The fix involves checking the return value of platform_get_resource() before calling resource_size(), moving the call after devm_ioremap_resource() which performs the necessary NULL check, and simplifying the code by using devm_platform_get_and_ioremap_resource().
How can this vulnerability impact me? :
This vulnerability can cause a null pointer dereference in the Linux kernel, which may lead to system crashes or instability. This can affect the reliability and availability of systems running the vulnerable kernel, potentially causing denial of service or unexpected behavior.