CVE-2022-50812
NULL Pointer Dereference in Linux Kernel via Clang -fzero-call-used-regs

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6

A bad bug in clang's implementation of -fzero-call-used-regs can result in NULL pointer dereferences (see the links above the check for more information).

Restrict CONFIG_CC_HAS_ZERO_CALL_USED_REGS to either a supported GCC version or a clang newer than 15.0.6, which will catch both a theoretical 15.0.7 and the upcoming 16.0.0, which will both have the bug fixed.

Meta Information
Published: 2025-12-30
Last Modified: 2025-12-30
Generated: 2026-06-16
AI Q&A: 2025-12-30
EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
gnu | gcc | *
llvm | clang | 15.0.6

CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability is a bug in the clang compiler's implementation of the -fzero-call-used-regs feature, which can cause NULL pointer dereferences in the Linux kernel. The fix restricts the CONFIG_ZERO_CALL_USED_REGS setting so that it can be enabled only with a supported GCC version or a clang version newer than 15.0.6, because earlier clang versions have this bug.

Impact Analysis

The vulnerability can lead to NULL pointer dereferences in the Linux kernel, which may cause system crashes or instability, potentially affecting system reliability and security.

Mitigation Strategies

To mitigate this vulnerability, make sure the kernel is built with CONFIG_ZERO_CALL_USED_REGS enabled only when the compiler is a supported GCC version or a clang version newer than 15.0.6. This prevents the buggy implementation of -fzero-call-used-regs from causing NULL pointer dereferences. In practice, update the compiler to a supported GCC or to a clang that has the fix (clang > 15.0.6) and rebuild the kernel.
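
One way to audit existing builds for the combination described above, as an added example that is not taken from the kernel tree or from this advisory. It assumes the kernel .config records the compiler through CONFIG_CC_IS_CLANG and CONFIG_CLANG_VERSION; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Flag kernel .config files built with CONFIG_ZERO_CALL_USED_REGS=y by clang <= 15.0.6.

# cfg_value FILE SYMBOL: print the value of CONFIG_<SYMBOL>, or nothing if it is unset.
cfg_value() {
    sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1
}

# check_config FILE: print a verdict; return 0 = ok, 1 = affected, 2 = cannot tell.
check_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "$cfg: unknown (unreadable)"; return 2; }
    if [ "$(cfg_value "$cfg" ZERO_CALL_USED_REGS)" != "y" ]; then
        echo "$cfg: ok (CONFIG_ZERO_CALL_USED_REGS not enabled)"; return 0
    fi
    if [ "$(cfg_value "$cfg" CC_IS_CLANG)" != "y" ]; then
        echo "$cfg: ok (enabled, compiler is not clang)"; return 0
    fi
    ver=$(cfg_value "$cfg" CLANG_VERSION)
    case $ver in
        ''|*[!0-9]*) echo "$cfg: unknown (no usable CONFIG_CLANG_VERSION)"; return 2 ;;
    esac
    # Kconfig encodes the compiler version as major*10000 + minor*100 + patch,
    # so clang 15.0.6 is 150006.
    if [ "$ver" -le 150006 ]; then
        echo "$cfg: affected (clang $ver with CONFIG_ZERO_CALL_USED_REGS=y)"; return 1
    fi
    echo "$cfg: ok (clang $ver is newer than 15.0.6)"; return 0
}

# Constructed sample configs (not from any real build) for trying the check offline.
write_samples() {
    printf '%s\n' CONFIG_CC_IS_CLANG=y CONFIG_CLANG_VERSION=150006 \
        CONFIG_ZERO_CALL_USED_REGS=y > "$1/clang-15.0.6.config"
    printf '%s\n' CONFIG_CC_IS_CLANG=y CONFIG_CLANG_VERSION=160000 \
        CONFIG_ZERO_CALL_USED_REGS=y > "$1/clang-16.0.0.config"
    printf '%s\n' CONFIG_CC_IS_GCC=y CONFIG_CLANG_VERSION=0 \
        CONFIG_ZERO_CALL_USED_REGS=y > "$1/gcc.config"
    printf '%s\n' CONFIG_CC_IS_CLANG=y CONFIG_CLANG_VERSION=150002 \
        '# CONFIG_ZERO_CALL_USED_REGS is not set' > "$1/clang-15-off.config"
}

# Check every config file named on the command line (does nothing without arguments).
for f in "$@"; do check_config "$f" || :; done
```

Pass it the config of each kernel you ship, for example the file under /boot that matches the installed kernel; an "affected" verdict means that kernel needs rebuilding with a fixed compiler.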
