CVE-2022-50875 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

4.7MEDIUM

No vector

EPSS

0.0%

top 85.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() When kmalloc() fail to allocate memory in kasprintf(), fn_1 or fn_2 will be NULL, and strcmp() will cause null pointer dereference.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.0.0 — 5.4.229+4

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶CVEListV5linux/linux2fe0e8769df9fed5098daea7db933bc414c329d7 — 9ec5781879b4535ad59b5354b385825378e45618+6

▶debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-7394-w6hr-wqhw: In the Linux kernel, the following vulnerability has been resolved: of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and fin↗2025-12-30

▶

OSV

CVE-2022-50875: In the Linux kernel, the following vulnerability has been resolved: of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find↗2025-12-30

▶

OSV

of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()↗2025-12-30

▶

📋Vendor Advisories

Red Hat

kernel: of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop()↗2025-12-30

▶

Debian

CVE-2022-50875: linux - In the Linux kernel, the following vulnerability has been resolved: of: overlay...↗2022

▶

🕵️Threat Intelligence

Wiz

CVE-2022-50875 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶