CVE-2022-50481
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
Description
In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() If device_register() fails in cxl_register_afu|adapter(), the device is not added, device_unregister() can not be called in the error path, otherwise it will cause a null-ptr-deref because of removing not added device. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So split device_unregister() into device_del() and put_device(), then goes to put dev when register fails.
INFO
Published Date :
Oct. 4, 2025, 4:15 p.m.
Last Modified :
Oct. 6, 2025, 2:56 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Split device_unregister into device_del and put_device.
- Call put_dev on registration failure.
- Apply the provided kernel patch.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2022-50481.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2022-50481 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2022-50481
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-50481 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-50481 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 04, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() If device_register() fails in cxl_register_afu|adapter(), the device is not added, device_unregister() can not be called in the error path, otherwise it will cause a null-ptr-deref because of removing not added device. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So split device_unregister() into device_del() and put_device(), then goes to put dev when register fails. Added Reference https://git.kernel.org/stable/c/170e8c2d2b61e15e7f7cfeded81bc1e959a15ed8 Added Reference https://git.kernel.org/stable/c/1ae581696b7a799afa39a664c4b721569643f58a Added Reference https://git.kernel.org/stable/c/60b2ed21a65f3f5318666ccd765c3507991370cf Added Reference https://git.kernel.org/stable/c/61c80d1c3833e196256fb060382db94f24d3d9a7 Added Reference https://git.kernel.org/stable/c/96fba6fb95bdede80583c262ac185da09661f264 Added Reference https://git.kernel.org/stable/c/ab44c182353be101c3be9465e1d15d42130c53c4 Added Reference https://git.kernel.org/stable/c/b32559ee4e6667c5c3daf4ec5454c277d1f255d2 Added Reference https://git.kernel.org/stable/c/d775a1da5a52b4f4bb02f2707ba420d1bec48dbb Added Reference https://git.kernel.org/stable/c/e5021bbf11b024cc65ea1e84c377df484183be4b