CVE-2022-50826

EPSS 0.03%
Veröffentlicht 30.12.2025 12:08:38
Zuletzt bearbeitet 31.12.2025 20:43:05
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection()

Calling v4l2_subdev_get_try_crop() and v4l2_subdev_get_try_compose()
with a subdev state of NULL leads to a NULL pointer dereference. This
can currently happen in imgu_subdev_set_selection() when the state
passed in is NULL, as this method first gets pointers to both the "try"
and "active" states and only then decides which to use.

The same issue has been addressed for imgu_subdev_get_selection() with
commit 30d03a0de650 ("ipu3-imgu: Fix NULL pointer dereference in active
selection access"). However the issue still persists in
imgu_subdev_set_selection().

Therefore, apply a similar fix as done in the aforementioned commit to
imgu_subdev_set_selection(). To keep things a bit cleaner, introduce
helper functions for "crop" and "compose" access and use them in both
imgu_subdev_set_selection() and imgu_subdev_get_selection().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < fa6bbb4894b9b947063c6ff90018a954c5f9f4b3

Version 0d346d2a6f54f06f36b224fd27cd6eafe8c83be9

Status affected

Version < 611d617bdb6c5d636a9861ec1c98e813fc8a5556

Version 0d346d2a6f54f06f36b224fd27cd6eafe8c83be9

Status affected

Version < 5038ee677606106c91564f9c4557d808d14bad70

Version 0d346d2a6f54f06f36b224fd27cd6eafe8c83be9

Status affected

Version < dc608edf7d45ba0c2ad14c06eccd66474fec7847

Version 0d346d2a6f54f06f36b224fd27cd6eafe8c83be9

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.14

Status affected

Version < 5.14

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.87

Status unaffected

Version <= 6.0.*

Version 6.0.18

Status unaffected

Version <= 6.1.*

Version 6.1.4

Status unaffected

Version <= *

Version 6.2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/fa6bbb4894b9b947063c6ff90018a954c5f9f4b3

https://git.kernel.org/stable/c/611d617bdb6c5d636a9861ec1c98e813fc8a5556

https://git.kernel.org/stable/c/5038ee677606106c91564f9c4557d808d14bad70

https://git.kernel.org/stable/c/dc608edf7d45ba0c2ad14c06eccd66474fec7847

https://nvd.nist.gov/vuln/detail/CVE-2022-50826

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50826

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50826

EUVD