Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: power: supply: cw2015: Fix potential null-ptr-deref in cw_bat_probe() cw_bat_probe() calls create_singlethread_workqueue() and not checked the ret value, which may return NULL. And a null-ptr-deref may happen: cw_bat_probe() create_singlethread_workqueue() # failed, cw_bat->wq is NULL queue_delayed_work() queue_delayed_work_on() __queue_delayed_work() # warning here, but continue __queue_work() # access wq->flags, null-ptr-deref Check the ret value and return -ENOMEM if it is NULL.
References
- https://git.kernel.org/stable/c/5150b76aa2eb8bb8feb7f7a048417f9d39c3dd04
- https://git.kernel.org/stable/c/97f2b4ddb0aa700d673691a7d5e44d226d22bab7
- https://git.kernel.org/stable/c/f7e2ba8ed08138102f21f3fe6414498c93177fd8
FAQ
What is CVE-2022-50634?
CVE-2022-50634 is a documented vulnerability. In the Linux kernel, the following vulnerability has been resolved: power: supply: cw2015: Fix potential null-ptr-deref in cw_bat_probe() cw_bat_probe() calls create_singlethread_workqueue() and not...
How severe is CVE-2022-50634?
CVSS scoring is not yet available for CVE-2022-50634. Check NVD for updates.
Is there a patch for CVE-2022-50634?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.