CVE-2022-50473: Use of Uninitialized Resource in Linux

Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 97.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 4

Description

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: Init completion before kobject_init_and_add()

In cpufreq_policy_alloc(), it will call uninitialized completion in cpufreq_sysfs_release() when kobject_init_and_add() fails. And that will cause a crash such as the following page fault in complete:

    BUG: unable to handle page fault for address: fffffffffffffff8
    [..]
    RIP: 0010:complete+0x98/0x1f0
    [..]
    Call Trace:
    kobject_put+0x1be/0x4c0
    cpufreq_online.cold+0xee/0x1fd
    cpufr

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD        linux/linux_kernel   5.1.6  5.4.229  +4
Debian     linux/linux_kernel   < 5.10.178-1  +3
CVEListV5  linux/linux          4ebe36c94aed95de71a8ce6a6762226d31c938ee  3cdd91a9163248935720927531066b74f57aa43b  +7
debian     debian/linux         < linux 6.1.4-1 (bookworm)

Patches

Vulnerability Details (2)

GHSA (2025-10-04)
GHSA-ph99-mx6c-hvf9: In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobject_init_and_add() In cpufreq_policy_alloc()
OSV (2025-10-04)
CVE-2022-50473: In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobject_init_and_add() In cpufreq_policy_alloc(),

Vendor Advisories (2)

Red Hat (2025-10-04)
kernel: cpufreq: Init completion before kobject_init_and_add()
Debian (2022)
CVE-2022-50473: linux - In the Linux kernel, the following vulnerability has been resolved: cpufreq: In...