5.5

CVE-2022-50218

EPSS 0.06%
Veröffentlicht 18.06.2025 11:03:54
Zuletzt bearbeitet 19.11.2025 12:59:40
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

iio: light: isl29028: Fix the warning in isl29028_remove()

In the Linux kernel, the following vulnerability has been resolved:

iio: light: isl29028: Fix the warning in isl29028_remove()

The driver use the non-managed form of the register function in
isl29028_remove(). To keep the release order as mirroring the ordering
in probe, the driver should use non-managed form in probe, too.

The following log reveals it:

[   32.374955] isl29028 0-0010: remove
[   32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI
[   32.377676] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[   32.379432] RIP: 0010:kernfs_find_and_get_ns+0x28/0xe0
[   32.385461] Call Trace:
[   32.385807]  sysfs_unmerge_group+0x59/0x110
[   32.386110]  dpm_sysfs_remove+0x58/0xc0
[   32.386391]  device_del+0x296/0xe50
[   32.386959]  cdev_device_del+0x1d/0xd0
[   32.387231]  devm_iio_device_unreg+0x27/0xb0
[   32.387542]  devres_release_group+0x319/0x3d0
[   32.388162]  i2c_device_remove+0x93/0x1f0

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

NVD 7 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.11 < 4.14.291

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.256

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.211

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.137

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.61

Linux ≫ Linux Kernel Version >= 5.16 < 5.18.18

Linux ≫ Linux Kernel Version >= 5.19 < 5.19.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.194

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/ca63d5abf404d2934e2ac03545350de7bb8c8e96

Patch

https://git.kernel.org/stable/c/359f3b150eab30805fe0e4e9d616887d7257a625

Patch

https://git.kernel.org/stable/c/ed43fb20d3d1fca9d79db0d5faf4321a4dd58c23

Patch

https://git.kernel.org/stable/c/fb1888205c0782f287e5dd4ffff1f665332e868c

Patch

https://git.kernel.org/stable/c/fac589fb764699a4bcd288f6656b8cd0408ea968

Patch

https://git.kernel.org/stable/c/4f0ebfb4b9bfad2326c0b2c3cc7e37f4b9ee9eba

Patch

https://git.kernel.org/stable/c/a1135205b0affd255510775a27df571aca84ab4b

Patch

https://git.kernel.org/stable/c/06674fc7c003b9d0aa1d37fef7ab2c24802cc6ad

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-50218

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50218

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50218

EUVD