CVE-2022-50282

MEDIUM EPSS 6.6%
Published Sep 15, 20259mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 15, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdev_device_add() While doing fault injection test, I got the following report: ------------[ cut here ]------------ kobject: '(null)' (0000000039956980): is not initialized, yet kobject_put() is being called. WARNING: CPU: 3 PID: 6306 at kobject_put+0x23d/0x4e0 CPU: 3 PID: 6306 Comm: 283 Tainted: G W 6.1.0-rc2-00005-g307c1086d7c9 #1253 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:kobject_put+0x23d/0x4e0 Call Trace: <TASK> cdev_device_add+0x15e/0x1b0 __iio_device_register+0x13b4/0x1af0 [industrialio] __devm_iio_device_register+0x22/0x90 [industrialio] max517_probe+0x3d8/0x6b4 [max517] i2c_device_probe+0xa81/0xc00 When device_add() is injected fault and returns error, if dev->devt is not set, cdev_add() is not called, cdev_del() is not needed. Fix this by checking dev->devt in error path.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-908

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥3.16.83  –  <3.17
linuxlinux_kernel*≥4.4.224  –  <4.5
linuxlinux_kernel*≥4.9.224  –  <4.9.337
linuxlinux_kernel*≥4.12  –  <4.14.303
linuxlinux_kernel*≥4.15  –  <4.19.270
linuxlinux_kernel*≥4.20  –  <5.4.229
linuxlinux_kernel*≥5.5  –  <5.10.163
linuxlinux_kernel*≥5.11  –  <5.15.86
linuxlinux_kernel*≥5.16  –  <6.0.16
linuxlinux_kernel*≥6.1  –  <6.1.2

References 9

  • git.kernel.org https://git.kernel.org/stable/c/11fa7fefe3d8fac7da56bc9aa3dd5fb3081ca797
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/28dc61cc49c6e995121c6d86bef4b73df78dda80
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/34d17b39bceef25e4cf9805cd59250ae05d0a139
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d2146889fad4cb9e6c13e790d4cfd871486eca8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6acf8597c5b04f455ee0649e11e5f3bcd28f381e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/85a5660491b507d33662b8e81c142e6041e642eb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b5de1eac71fec1af7723f1083d23a24789fd795c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c46db6088bccff5115674d583fef46ede80077a2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d85b5247a79355b8432bfd9ac871f96117f750d4
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/11fa7fefe3d8fac7da56bc9aa3dd5fb3081ca797
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/28dc61cc49c6e995121c6d86bef4b73df78dda80
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/34d17b39bceef25e4cf9805cd59250ae05d0a139
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d2146889fad4cb9e6c13e790d4cfd871486eca8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6acf8597c5b04f455ee0649e11e5f3bcd28f381e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/85a5660491b507d33662b8e81c142e6041e642eb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b5de1eac71fec1af7723f1083d23a24789fd795c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c46db6088bccff5115674d583fef46ede80077a2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d85b5247a79355b8432bfd9ac871f96117f750d4
    Patch