Null Pointer Dereference Vulnerability in Linux Kernel Media Driver
CVE-2022-50359

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 17 September 2025

What is CVE-2022-50359?

A null pointer dereference vulnerability exists in the Linux kernel's media subsystem, specifically within the cx88 driver. When the cx88_risc_buffer() function is invoked to prepare a buffer, it may fail, leading to an empty buffer initialization. Subsequent operations may then result in dereferencing a null pointer when trying to access this buffer, potentially causing the system to experience a general protection fault. This vulnerability highlights the importance of proper error handling in buffer management within device drivers.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 10c99d1c46ea9cd940029e17bab11d021f315c21

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4befc7ffa18ef9a4b70d854465313a345a06862f

References

https://git.kernel.org/stable/c/c76d04d2079a4b7369ce9a0e8...

https://git.kernel.org/stable/c/10c99d1c46ea9cd940029e17b...

https://git.kernel.org/stable/c/4befc7ffa18ef9a4b70d85446...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Sep 17, 2025