Null Pointer Dereference in Linux Kernel Hugetlbfs Component
CVE-2022-50334

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 15 September 2025

What is CVE-2022-50334?

A null pointer dereference vulnerability exists in the hugetlbfs component of the Linux kernel, triggered when parsing illegal mount parameters. The bug arises in the hugetlbfs_parse_param() function, which incorrectly attempts to dereference a parameter string that can be null. This occurs if an improper mount command, such as 'size=,' is issued, leading to unstable kernel behavior. A corrective patch has been introduced to ensure proper checks for null pointers before dereferencing them, improving the reliability of the filesystem.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9a8862820cbf1f18dca4f3b4c289d88561b3a384

References

https://git.kernel.org/stable/c/fa71639873518e3587632ae58...

https://git.kernel.org/stable/c/dcd28191be9bbf307ba51a5b4...

https://git.kernel.org/stable/c/9a8862820cbf1f18dca4f3b4c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2025
Vulnerability Reserved
Sep 15, 2025