Null Pointer Dereference Vulnerability in Linux Kernel's I2C Mux Resource Handling
CVE-2022-50364

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 17 September 2025

What is CVE-2022-50364?

A vulnerability in the Linux kernel's I2C subsystem allows a potential NULL pointer dereference because a resource lookup result is used without being checked. When platform_get_resource() returns NULL, the subsequent call to resource_size() dereferences that pointer and may trigger a crash. To mitigate this, the code must call resource_size() only after confirming that the resource is valid. This can be achieved with devm_platform_get_and_ioremap_resource(), which simplifies the resource handling and includes the checks needed to prevent the dereference.
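The ordering problem and its correction, as an added userspace example that is not the kernel patch itself: the kernel helper names are reused, but their bodies are simplified stand-ins, and `struct regmux`, `probe_unchecked()` and `probe_checked()` are hypothetical names.

```c
/* Userspace stand-ins for kernel types and helpers; bodies are simplified. */
#include <errno.h>
#define IORESOURCE_MEM 0x00000200
struct resource { unsigned long start, end; };
struct platform_device { struct resource *mem; };  /* NULL: no MEM resource */
struct regmux { void *base; unsigned long size; }; /* hypothetical driver state */
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (unsigned long)p >= (unsigned long)-4095; }
static struct resource *platform_get_resource(struct platform_device *pdev,
                                              unsigned int type, unsigned int num)
{ (void)type; (void)num; return pdev->mem; }  /* may return NULL */
static unsigned long resource_size(const struct resource *res)
{ return res->end - res->start + 1; }  /* dereferences res unconditionally */

/* Model: look up the resource, reject NULL with an error pointer, then "map". */
static void *devm_platform_get_and_ioremap_resource(struct platform_device *pdev,
                                    unsigned int index, struct resource **res)
{
    *res = platform_get_resource(pdev, IORESOURCE_MEM, index);
    return *res ? (void *)(*res)->start : ERR_PTR(-EINVAL);
}

/* Before: the size is computed before res has been validated. */
static int probe_unchecked(struct platform_device *pdev, struct regmux *mux)
{
    struct resource *res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
    mux->size = resource_size(res);  /* NULL dereference if res == NULL */
    mux->base = (void *)res->start;
    return 0;
}

/* After: return on the error pointer, and only then read the size. */
static int probe_checked(struct platform_device *pdev, struct regmux *mux)
{
    struct resource *res;
    mux->base = devm_platform_get_and_ioremap_resource(pdev, 0, &res);
    if (IS_ERR(mux->base))
        return (int)PTR_ERR(mux->base);
    mux->size = resource_size(res);
    return 0;
}

int main(void)
{
    struct platform_device none = { 0 };
    struct regmux mux = { 0 };
    return probe_checked(&none, &mux) == -EINVAL ? 0 : 1;
}
```

With a device that has no memory resource, `probe_checked()` returns `-EINVAL` instead of reaching `resource_size()`.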

Affected Version(s)

Linux b3fdd32799d834e2626fae087906e886037350c6 < 61df25c41b8e0d2c988ccf17139f70075a2e1ba4

Linux b3fdd32799d834e2626fae087906e886037350c6 < 8212800943997fab61874550278d653cb378c60c

Linux b3fdd32799d834e2626fae087906e886037350c6

Timeline

  • Vulnerability published

  • Vulnerability Reserved
