CVE-2022-50634
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: kernel.org
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential null pointer dereference in the Linux kernel's power supply driver for cw2015. Specifically, the function cw_bat_probe() calls create_singlethread_workqueue() but does not check if the return value is NULL. If create_singlethread_workqueue() fails and returns NULL, subsequent calls that use this workqueue pointer will dereference a NULL pointer, leading to a kernel warning or crash. The fix involves checking the return value and returning an error (-ENOMEM) if the workqueue creation fails.
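The unchecked and checked probe patterns described above, as an added userspace model in C that is not the cw2015 driver's code. `model_create_wq()`, `model_queue_work()`, the two structs and the `fail_alloc` fault-injection flag are hypothetical stand-ins for the kernel APIs, and the model sets a flag at the point where the kernel would dereference the NULL pointer.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

struct workqueue { int pending; };        /* stand-in for the kernel workqueue */
struct battery { struct workqueue *wq; }; /* hypothetical driver state */
static bool fail_alloc;   /* fault injection: simulate allocation failure */
static bool null_wq_used; /* set where the kernel would dereference NULL */

/* Models create_singlethread_workqueue(): NULL when allocation fails. */
static struct workqueue *model_create_wq(void) {
    static struct workqueue wq;
    return fail_alloc ? NULL : &wq;
}
/* Models a later user of the pointer; records a NULL use instead of crashing. */
static void model_queue_work(struct workqueue *wq) {
    if (!wq) { null_wq_used = true; return; }
    wq->pending++;
}

/* Before the fix: the return value is never checked. */
static int probe_unchecked(struct battery *b) {
    b->wq = model_create_wq();
    model_queue_work(b->wq);
    return 0;
}
/* After the fix: fail the probe with -ENOMEM before the pointer is used. */
static int probe_checked(struct battery *b) {
    b->wq = model_create_wq();
    if (!b->wq)
        return -ENOMEM;
    model_queue_work(b->wq);
    return 0;
}
/* Runs one probe variant, optionally with the injected failure. */
static int run_probe(int (*probe)(struct battery *), bool inject) {
    struct battery b = { NULL };
    fail_alloc = inject;
    null_wq_used = false;
    return probe(&b);
}

int main(void) {
    int ret = run_probe(probe_unchecked, true);
    printf("unchecked: ret=%d null_wq_used=%d\n", ret, null_wq_used);
    ret = run_probe(probe_checked, true);
    printf("checked:   ret=%d null_wq_used=%d\n", ret, null_wq_used);
    return 0;
}
```

With the failure injected, the unchecked variant reports success while the NULL pointer reaches its user; the checked variant fails the probe cleanly, which is the behaviour the fix introduces.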
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to dereference a NULL pointer, which may lead to kernel warnings, crashes, or system instability. This can affect system reliability and availability, potentially causing unexpected reboots or denial of service conditions on affected systems.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version where the cw2015 power supply driver has been fixed to properly check the return value of create_singlethread_workqueue() in cw_bat_probe(). This prevents a potential null pointer dereference by returning -ENOMEM if the workqueue creation fails.