CVE-2022-50888
Unknown Unknown - Not Provided
Null Pointer Dereference in Linux Kernel q6v5 Remoteproc Component

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() q6v5_wcss_init_mmio() will call platform_get_resource_byname() that may fail and return NULL. devm_ioremap() will use res->start as input, which may causes null-ptr-deref. Check the ret value of platform_get_resource_byname() to avoid the null-ptr-deref.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50888
EUVD
EUVD-2022-55908
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

A null pointer dereference can cause the affected system to crash or become unstable, potentially leading to denial of service. Since this occurs in the Linux kernel's remoteproc driver, it could impact devices using this driver by causing unexpected reboots or failures.

Executive Summary

This vulnerability is a potential null pointer dereference in the Linux kernel's remoteproc driver for Qualcomm q6v5. Specifically, the function q6v5_wcss_init_mmio() calls platform_get_resource_byname(), which may fail and return NULL. If this happens, devm_ioremap() uses the NULL resource's start address, causing a null pointer dereference. The fix involves checking the return value of platform_get_resource_byname() to avoid this issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50888. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart