CVE-2022-50453

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 01/10/2025
Last modified: 16/01/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

gpiolib: cdev: fix NULL-pointer dereferences

There are several places where we can crash the kernel by requesting lines, unbinding the GPIO device, then calling any of the system calls relevant to the GPIO character device's anonymous file descriptors: ioctl(), read(), poll().

While I observed it with the GPIO simulator, it will also happen for any of the GPIO devices that can be hot-unplugged - for instance any HID GPIO expander (e.g. CP2112).

This affects both v1 and v2 uAPI.

This fixes it partially by checking if gdev->chip is not NULL but it doesn't entirely remedy the situation as we still have a race condition in which another thread can remove the device after the check.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.8 (including) 5.10.163 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.86 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.0.16 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.1 (including) 6.1.2 (excluding)
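
A way to check a kernel release string against the ranges in the table above, as an added example that is not part of the original advisory or of the kernel project. The function names and the sample release strings are constructed for illustration; the comparison uses upstream version numbering only.

```python
import platform
import re

# Affected ranges copied from the table above, one per stable branch:
# (first affected version, first fixed version). The upper bound is exclusive.
AFFECTED_RANGES = [
    ((4, 8, 0), (5, 10, 163)),
    ((5, 11, 0), (5, 15, 86)),
    ((5, 16, 0), (6, 0, 16)),
    ((6, 1, 0), (6, 1, 2)),
]


def parse_release(release):
    """Parse a `uname -r` style string into (major, minor, patch).

    Vendor suffixes such as "-91-generic" are ignored and a missing patch
    level ("6.1") is treated as 0.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part or 0) for part in m.groups())


def affected_range(release):
    """Return the matching (start, fixed) range, or None if outside all ranges."""
    version = parse_release(release)
    for start, fixed in AFFECTED_RANGES:
        if start <= version < fixed:
            return start, fixed
    return None


def describe(release):
    """One-line verdict suitable for an inventory or audit log."""
    hit = affected_range(release)
    if hit is None:
        return f"{release}: outside the listed CVE-2022-50453 ranges"
    fixed = ".".join(map(str, hit[1]))
    return f"{release}: in a listed range, fixed upstream in {fixed}"


if __name__ == "__main__":
    # Constructed sample releases, followed by the running kernel.
    for sample in ("5.10.162", "5.10.163", "5.15.0-91-generic", "6.1.2"):
        print(describe(sample))
    print(describe(platform.release()))
```

Vendor kernels often backport fixes without changing the upstream version number, so a hit such as the constructed `5.15.0-91-generic` sample is a prompt to check the vendor's own advisory rather than proof of exposure.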