CVE-2022-50634

Summary

In the Linux kernel, the following vulnerability has been resolved:

power: supply: cw2015: Fix potential null-ptr-deref in cw_bat_probe()

cw_bat_probe() calls create_singlethread_workqueue() and not checked the ret value, which may return NULL. And a null-ptr-deref may happen:

cw_bat_probe() create_singlethread_workqueue() # failed, cw_bat->wq is NULL queue_delayed_work() queue_delayed_work_on() __queue_delayed_work() # warning here, but continue __queue_work() # access wq->flags, null-ptr-deref

Check the ret value and return -ENOMEM if it is NULL.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb4c7715c10c106a041b0b3fabd26151c214ea394 < f7e2ba8ed08138102f21f3fe6414498c93177fd8affected
LinuxLinuxb4c7715c10c106a041b0b3fabd26151c214ea394 < 5150b76aa2eb8bb8feb7f7a048417f9d39c3dd04affected
LinuxLinuxb4c7715c10c106a041b0b3fabd26151c214ea394 < 97f2b4ddb0aa700d673691a7d5e44d226d22bab7affected
LinuxLinux5.8affected
LinuxLinux0 < 5.8unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References