CVE-2022-50812

EUVD-2022-55886

30.12.2025, 13:15

In the Linux kernel, the following vulnerability has been resolved:

security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6

A bad bug in clang's implementation of -fzero-call-used-regs can result
in NULL pointer dereferences (see the links above the check for more
information). Restrict CONFIG_CC_HAS_ZERO_CALL_USED_REGS to either a
supported GCC version or a clang newer than 15.0.6, which will catch
both a theoretical 15.0.7 and the upcoming 16.0.0, which will both have
the bug fixed.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
bullseye	vulnerable
bullseye (security)	vulnerable
forky	6.17.13-1 fixed
sid	6.17.13-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed

References

https://git.kernel.org/stable/c/0b202dfedb5aa2e7d07d849be33fa3a48c026926

https://git.kernel.org/stable/c/21ca0bfa11bbb9a9207f5d2104f47d3d71b4616e

https://git.kernel.org/stable/c/8a4236456a3a402f6bb92aa7b75e7a3b4ef7a72c

https://git.kernel.org/stable/c/d6a9fb87e9d18f3394a9845546bbe868efdccfd2