Null Pointer Dereference in Linux Kernel's VKMS Component
CVE-2022-50369

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
17 September 2025

What is CVE-2022-50369?

A vulnerability exists in the Linux kernel's VKMS (Virtual Kernel Mode Setting) component, which can cause a null pointer dereference when attempting to destroy the workqueue associated with VKMS. This issue arises during the resource release process, particularly when an Out of Memory (OOM) condition occurs, leading to a scenario where the workqueue has not been allocated prior to its deallocation attempt. The issue can be mitigated by implementing a check to ensure the workqueue pointer is not NULL before invoking the destroy function.

Affected Version(s)

Linux 6c234fe37c57627a5baf96f552afa1fae2b67d4d < 0b8f390e2251191f1b179cc87f65d54c96565f0d

Linux 6c234fe37c57627a5baf96f552afa1fae2b67d4d < 1f9836f95271e7acf016667eee0aeae3386f9645

Linux 6c234fe37c57627a5baf96f552afa1fae2b67d4d < 596f1ba3987e601e31a5abf1f75ce1d2635aceac

References

https://git.kernel.org/stable/c/0b8f390e2251191f1b179cc87...
https://git.kernel.org/stable/c/1f9836f95271e7acf016667ee...
https://git.kernel.org/stable/c/596f1ba3987e601e31a5abf1f...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-50369 : Null Pointer Dereference in Linux Kernel's VKMS Component