5.5

CVE-2022-50181

EPSS 0.06%
Veröffentlicht 18.06.2025 11:03:30
Zuletzt bearbeitet 20.11.2025 22:05:33
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

virtio-gpu: fix a missing check to avoid NULL dereference

In the Linux kernel, the following vulnerability has been resolved:

virtio-gpu: fix a missing check to avoid NULL dereference

'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset()
and it will lead to a NULL dereference by a lately use of it
(i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check.


[ kraxel: minor codestyle fixup ]

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 4 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.4 < 5.10.137

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.61

Linux ≫ Linux Kernel Version >= 5.16 < 5.18.18

Linux ≫ Linux Kernel Version >= 5.19 < 5.19.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.193

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/259773fc874258606c0121767a4a27466ff337eb

Patch

https://git.kernel.org/stable/c/39caef09666c1d8274abf9472c72bcac236dc5fb

Patch

https://git.kernel.org/stable/c/adbdd21983fa292e53aec3eab97306b2961ea887

Patch

https://git.kernel.org/stable/c/367882a5a9448b5e1ba756125308092d614cb96c

Patch

https://git.kernel.org/stable/c/bd63f11f4c3c46afec07d821f74736161ff6e526

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-50181

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50181

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50181

EUVD