Null Pointer Dereference Vulnerability in Linux Kernel Affects Megachips Drivers
CVE-2022-50317

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 15 September 2025

What is CVE-2022-50317?

A vulnerability in the Linux kernel related to the Megachips driver has been identified, specifically concerning a null pointer dereference that occurs when removing the module. This issue arises because the drivers for the stdp2690 and stdp4028 bridges do not probe simultaneously, leading the system to attempt removal of an uninitialized object, resulting in a general protection fault. The vulnerability has been mitigated by implementing a check to ensure that both bridges are probed before proceeding with any removal operations.

Affected Version(s)

Linux 7649972d97fb98578fbc4a351416cf72895e7c4d

Linux 16e3827904932eccfba0915f0c93b519de3536ac < 5bc20bafcd87ba0858ab772cefc7047cb51bc249

Linux 50ad94f8654a53ec9ca3604a7a23cbaf166e0119 < 1daf69228e310938177119c4eadcd30fc75c81e0

References

https://git.kernel.org/stable/c/aaa512ad1e59f2edf8a9e4f2b...

https://git.kernel.org/stable/c/5bc20bafcd87ba0858ab772ce...

https://git.kernel.org/stable/c/1daf69228e310938177119c4e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2025
Vulnerability Reserved
Sep 15, 2025