CVE-2022-50812
NULL Pointer Dereference in Linux Kernel via Clang -fzero-call-used-regs
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | gcc | * |
| llvm | clang | 15.0.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability stems from a bug in the clang compiler's implementation of the -fzero-call-used-regs feature, which can cause NULL pointer dereferences in the Linux kernel. The fix restricts the CONFIG_ZERO_CALL_USED_REGS setting so that it can only be enabled with supported GCC versions or clang versions newer than 15.0.6, because clang 15.0.6 and earlier have this bug.
How can this vulnerability impact me?
The vulnerability can lead to NULL pointer dereferences in the Linux kernel, which may cause system crashes or instability, potentially affecting system reliability and security.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, make sure CONFIG_ZERO_CALL_USED_REGS is only enabled in your Linux kernel build configuration when the kernel is built with a supported GCC version or a clang version newer than 15.0.6. This keeps the buggy implementation of -fzero-call-used-regs from causing NULL pointer dereferences. Specifically, update your compiler to a GCC or clang version that has fixed this issue (clang > 15.0.6) and rebuild your kernel accordingly.
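One way to check an existing kernel build configuration for the combination described above, as an added example that is not part of the original page or the kernel project's code. It assumes the .config records the compiler through the Kconfig symbols CONFIG_CC_IS_CLANG and CONFIG_CLANG_VERSION; the function names are hypothetical.

```shell
#!/bin/sh
# Audit a kernel .config for CONFIG_ZERO_CALL_USED_REGS=y built with
# clang 15.0.6 or older. Source this file, then call, for example:
#   check_zero_call_used_regs /boot/config-"$(uname -r)"
# (that path is a common distro convention, assumed here).

# Print the value of one CONFIG_ symbol from a .config file (empty if unset).
kconfig_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Prints a verdict; returns 0 = not affected, 1 = affected, 2 = cannot tell.
check_zero_call_used_regs() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unknown: cannot read $cfg"; return 2; }

    if [ "$(kconfig_get "$cfg" CONFIG_ZERO_CALL_USED_REGS)" != "y" ]; then
        echo "ok: CONFIG_ZERO_CALL_USED_REGS is not enabled"
        return 0
    fi
    if [ "$(kconfig_get "$cfg" CONFIG_CC_IS_CLANG)" != "y" ]; then
        echo "ok: option enabled, but the compiler is not clang"
        return 0
    fi
    # Kconfig encodes the clang version as major*10000 + minor*100 + patch,
    # so 15.0.6 is recorded as 150006.
    ver=$(kconfig_get "$cfg" CONFIG_CLANG_VERSION)
    case $ver in
        ''|*[!0-9]*)
            echo "unknown: clang build without a usable CONFIG_CLANG_VERSION"
            return 2 ;;
    esac
    if [ "$ver" -le 150006 ]; then
        echo "affected: option enabled with clang $ver (<= 150006)"
        return 1
    fi
    echo "ok: option enabled with clang $ver (> 150006)"
    return 0
}
```

A return value of 2 means the file gave no usable compiler information, so the build should be checked by hand.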