CVE-2022-50722
NULL Pointer Dereference in Linux ipu3-imgu Media Driver
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in the Linux kernel's ipu3-imgu media driver. The driver incorrectly acquires pointers to active and try V4L2 subdevice states before determining which one to use. When the sd_state argument to functions like v4l2_subdev_get_try_crop() is NULL, the driver attempts to dereference it, leading to a NULL pointer dereference error. This issue has been fixed by correcting the order and checks in the code.
How can this vulnerability impact me? :
The NULL pointer dereference can cause the affected system to crash or become unstable, potentially leading to denial of service conditions. This may disrupt media processing functionalities relying on the ipu3-imgu driver in the Linux kernel.