CVE-2022-50266
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
15/09/2025
Last modified:
02/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
kprobes: Fix check for probe enabled in kill_kprobe()<br />
<br />
In kill_kprobe(), the check whether disarm_kprobe_ftrace() needs to be<br />
called always fails. This is because before that we set the<br />
KPROBE_FLAG_GONE flag for kprobe so that "!kprobe_disabled(p)" is always<br />
false.<br />
<br />
The disarm_kprobe_ftrace() call introduced by commit:<br />
<br />
0cb2f1372baa ("kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler")<br />
<br />
to fix the NULL pointer reference problem. When the probe is enabled, if<br />
we do not disarm it, this problem still exists.<br />
<br />
Fix it by putting the probe enabled check before setting the<br />
KPROBE_FLAG_GONE flag.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.4.238 (including) | 4.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.9.238 (including) | 4.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.200 (including) | 4.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.149 (including) | 4.20 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4.69 (including) | 5.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.8.13 (including) | 5.9 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.9.1 (including) | 6.0.16 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1 (including) | 6.1.2 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.9:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.9:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.9:rc8:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page