CVE-2022-50509
BaseFortify
Publication date: 2025-10-07
Last updated on: 2026-03-17
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 4.10 (inc) to 4.14.303 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is related to the Linux kernel's media subsystem, specifically the coda component. The issue arises because the function kmalloc, which allocates memory, may return a NULL pointer if the allocation fails. The vulnerability exists because the code did not check if kmalloc returned NULL before using the pointer, which can lead to a NULL pointer dereference and potentially cause a system crash or instability. The fix involved adding a check for the kmalloc return value to prevent this.
How can this vulnerability impact me? :
If exploited or triggered, this vulnerability can cause a NULL pointer dereference in the Linux kernel, leading to a system crash or kernel panic. This can result in denial of service, making the system unstable or unavailable until rebooted or fixed.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the 'media: coda' component includes the check for kmalloc's return value to avoid NULL pointer dereference. Applying the latest kernel patches or updates that address this issue is recommended.