CVE-2022-50642

09.12.2025, 01:16

In the Linux kernel, the following vulnerability has been resolved:

platform/chrome: cros_ec_typec: zero out stale pointers

`cros_typec_get_switch_handles` allocates four pointers when obtaining
type-c switch handles. These pointers are all freed if failing to obtain
any of them; therefore, pointers in `port` become stale. The stale
pointers eventually cause use-after-free or double free in later code
paths. Zeroing out all pointer fields after freeing to eliminate these
stale pointers.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.17.9-1 fixed
sid	6.17.11-1 fixed

References

https://git.kernel.org/stable/c/0ceadb5a3e45f1b81cf54bd496b40a5e50b6bd40

https://git.kernel.org/stable/c/6613f36a2fa5c69e528bccba8b3d831f759dad2f

https://git.kernel.org/stable/c/9a8aadcf0b459c1257b9477fd6402e1d5952ae07

https://git.kernel.org/stable/c/b610758bb3e0674644c1255cdafc2f46b7e05ff9