CVE-2022-50642 — Expired Pointer Dereference in Linux

CWE-825 — Expired Pointer Dereference6 documents5 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 90.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_typec: zero out stale pointers `cros_typec_get_switch_handles` allocates four pointers when obtaining type-c switch handles. These pointers are all freed if failing to obtain any of them; therefore, pointers in `port` become stale. The stale pointers eventually cause use-after-free or double free in later code paths. Zeroing out all pointer fields after freeing to eliminate these stale pointers.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.9.0 — 5.15.86+2

▶Debianlinux/linux_kernel< 6.1.4-1+2

▶CVEListV5linux/linuxf28adb41dab4a2795fd959750df57adffd2bb0be — 0ceadb5a3e45f1b81cf54bd496b40a5e50b6bd40+4

▶debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

OSV

CVE-2022-50642: In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_typec: zero out stale pointers `cros_typec_get_switch_han↗2025-12-09

▶

OSV

platform/chrome: cros_ec_typec: zero out stale pointers↗2025-12-09

▶

GHSA

GHSA-hcmx-x6wc-rr97: In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_typec: zero out stale pointers `cros_typec_get_switch_h↗2025-12-09

▶

📋Vendor Advisories

Red Hat

kernel: platform/chrome: cros_ec_typec: zero out stale pointers↗2025-12-09

▶

Debian

CVE-2022-50642: linux - In the Linux kernel, the following vulnerability has been resolved: platform/ch...↗2022

▶