CVE-2022-50634

09.12.2025, 01:16

In the Linux kernel, the following vulnerability has been resolved:

power: supply: cw2015: Fix potential null-ptr-deref in cw_bat_probe()

cw_bat_probe() calls create_singlethread_workqueue() and not checked the
ret value, which may return NULL. And a null-ptr-deref may happen:

cw_bat_probe()
    create_singlethread_workqueue() # failed, cw_bat->wq is NULL
    queue_delayed_work()
        queue_delayed_work_on()
            __queue_delayed_work()  # warning here, but continue
                __queue_work()      # access wq->flags, null-ptr-deref

Check the ret value and return -ENOMEM if it is NULL.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.17.9-1 fixed
sid	6.17.11-1 fixed

References

https://git.kernel.org/stable/c/5150b76aa2eb8bb8feb7f7a048417f9d39c3dd04

https://git.kernel.org/stable/c/97f2b4ddb0aa700d673691a7d5e44d226d22bab7

https://git.kernel.org/stable/c/f7e2ba8ed08138102f21f3fe6414498c93177fd8