5.5
CVE-2022-49974
- EPSS 0.18%
- Veröffentlicht 18.06.2025 11:00:37
- Zuletzt bearbeitet 13.11.2025 21:27:21
- CVE-Watchlists
- Unerledigt
HID: nintendo: fix rumble worker null pointer deref
In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: fix rumble worker null pointer deref We can dereference a null pointer trying to queue work to a destroyed workqueue. If the device is disconnected, nintendo_hid_remove is called, in which the rumble_queue is destroyed. Avoid using that queue to defer rumble work once the controller state is set to JOYCON_CTLR_STATE_REMOVED. This eliminates the null pointer dereference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.16 < 5.19.7
Linux ≫ Linux Kernel Version6.0 Updaterc1
Linux ≫ Linux Kernel Version6.0 Updaterc2
Linux ≫ Linux Kernel Version6.0 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.076 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/7c6e6c334154be16740b44dcd7638fb510b9bd91
https://git.kernel.org/stable/c/1ff89e06c2e5fab30274e4b02360d4241d6e605e