CVE-2022-50616: Expired Pointer Dereference in Linux

Severity: 6.7 MEDIUM (No vector)
EPSS: 0.0% (top 90.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 8

Description

In the Linux kernel, the following vulnerability has been resolved:

regulator: core: Use different devices for resource allocation and DT lookup

Following by the below discussion, there's the potential UAF issue between regulator and mfd.
https://lore.kernel.org/all/[email protected]/

From the analysis of Yingliang

CPU A                    |CPU B
mt6370_probe()           |
devm_mfd_add_devices()   |
                         |mt6370_regulator_probe()
                         |regulator_register()
                         |//allocate init_data and add it to devres

Affected Packages (4 packages)

Linux | linux/linux_kernel | 3.18.0 | 6.0.16 | +1
Debian | linux/linux_kernel | < 6.1.4-1 | +2
CVEListV5 | linux/linux | a0c7b164ad115ec0556dc0904ee2218cbc5cedfa | cb29811d989bcb7ea81ca111c4b13878b344e086 | +3
debian | debian/linux | < linux 6.1.4-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: CVE-2022-50616: In the Linux kernel, the following vulnerability has been resolved: regulator: core: Use different devices for resource allocation and DT lookup Follo (2025-12-08)
GHSA: GHSA-4gcp-hx9q-5r25: In the Linux kernel, the following vulnerability has been resolved: regulator: core: Use different devices for resource allocation and DT lookup Fol (2025-12-08)
OSV: regulator: core: Use different devices for resource allocation and DT lookup (2025-12-08)

📋 Vendor Advisories (2)

Red Hat: kernel: regulator: core: Use different devices for resource allocation and DT lookup (2025-12-08)
Debian: CVE-2022-50616: linux - In the Linux kernel, the following vulnerability has been resolved: regulator: ... (2022)