5.5
CVE-2022-49254
- EPSS 0.25%
- Veröffentlicht 26.02.2025 07:01:02
- Zuletzt bearbeitet 22.09.2025 20:55:41
- CVE-Watchlists
- Unerledigt
media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats()
In the Linux kernel, the following vulnerability has been resolved: media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() In cal_ctx_v4l2_init_formats(), devm_kzalloc() is assigned to ctx->active_fmt and there is a dereference of it after that, which could lead to NULL pointer dereference on failure of devm_kzalloc(). Fix this bug by adding a NULL check of ctx->active_fmt. This bug was found by a static analyzer. Builds with 'make allyesconfig' show no new warnings, and our static analyzer no longer warns about this code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.12 < 5.15.33
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.19
Linux ≫ Linux Kernel Version >= 5.17 < 5.17.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.165 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/1381f1a629a090c251965edb56f849ad648414a4
https://git.kernel.org/stable/c/91e2805579ab0783eed53acc2bf9fb553e939004
https://git.kernel.org/stable/c/aa613ac270292e102503e9767882e39200efe608
https://git.kernel.org/stable/c/abd77889851d2ead0d0c9c4d29f1808801477b00