Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix NULL-pointer dereferences There are several places where we can crash the kernel by requesting lines, unbinding the GPIO device, then calling any of the system calls relevant to the GPIO character device's annonymous file descriptors: ioctl(), read(), poll(). While I observed it with the GPIO simulator, it will also happen for any of the GPIO devices that can be hot-unplugged - for instance any HID GPIO expander (e.g. CP2112). This affects both v1 and v2 uAPI. This fixes it partially by checking if gdev->chip is not NULL but it doesn't entirely remedy the situation as we still have a race condition in which another thread can remove the device after the check.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.8, < 5.10.163 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/533aae7c94dbc2b14301cfd68ae7e0e90f0c8438Patch
- https://git.kernel.org/stable/c/6d79546622baab843172b52c3af035f83c1b21dfPatch
- https://git.kernel.org/stable/c/7c755a2d6df511eeb5afba966ac28140f9ea5063Patch
- https://git.kernel.org/stable/c/ac6ce3cd7a3e10a2e37b8970bab81b4d33d5cfc3Patch
- https://git.kernel.org/stable/c/d66f68ac9e7ba46b6b90fbe25155723f2126088aPatch
FAQ
What is CVE-2022-50453?
CVE-2022-50453 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix NULL-pointer dereferences There are several places where we can crash the kernel by requesting lines, unbinding...
How severe is CVE-2022-50453?
CVE-2022-50453 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-50453?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.