CVE-2022-50530
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2022-50530, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-07

Last updated on: 2026-03-17

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() Our syzkaller report a null pointer dereference, root cause is following: __blk_mq_alloc_map_and_rqs set->tags[hctx_idx] = blk_mq_alloc_map_and_rqs blk_mq_alloc_map_and_rqs blk_mq_alloc_rqs // failed due to oom alloc_pages_node // set->tags[hctx_idx] is still NULL blk_mq_free_rqs drv_tags = set->tags[hctx_idx]; // null pointer dereference is triggered blk_mq_clear_rq_mapping(drv_tags, ...) This is because commit 63064be150e4 ("blk-mq: Add blk_mq_alloc_map_and_rqs()") merged the two steps: 1) set->tags[hctx_idx] = blk_mq_alloc_rq_map() 2) blk_mq_alloc_rqs(..., set->tags[hctx_idx]) into one step: set->tags[hctx_idx] = blk_mq_alloc_map_and_rqs() Since tags is not initialized yet in this case, fix the problem by checking if tags is NULL pointer in blk_mq_clear_rq_mapping().

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-07
Last Modified
2026-03-17
Generated
2026-07-06
AI Q&A
2025-10-07
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.1
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a null pointer dereference in the Linux kernel's blk-mq subsystem, specifically in the blk_mq_clear_rq_mapping() function. It occurs because a pointer (set->tags[hctx_idx]) is not properly initialized when memory allocation fails (due to out-of-memory conditions), leading to a null pointer being dereferenced. The issue arose after a code change merged two steps into one without ensuring the pointer was valid before use. The fix involves checking if the pointer is NULL before dereferencing it.

Impact Analysis

This vulnerability can cause a null pointer dereference in the Linux kernel, which typically leads to a kernel crash (kernel panic) or system instability. This can result in denial of service (DoS) conditions where the affected system becomes unresponsive or requires a reboot.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50530. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart