DEBIAN-CVE-2022-50282
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-50282
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50282.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-50282
- Upstream
- Published
- 2025-09-15T15:15:39Z
- Modified
- 2025-09-19T07:33:07.425839Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdevdeviceadd() While doing fault injection test, I got the following report: ------------[ cut here ]------------ kobject: '(null)' (0000000039956980): is not initialized, yet kobjectput() is being called. WARNING: CPU: 3 PID: 6306 at kobjectput+0x23d/0x4e0 CPU: 3 PID: 6306 Comm: 283 Tainted: G W 6.1.0-rc2-00005-g307c1086d7c9 #1253 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:kobjectput+0x23d/0x4e0 Call Trace: <TASK> cdevdeviceadd+0x15e/0x1b0 _iiodeviceregister+0x13b4/0x1af0 [industrialio] _devmiiodeviceregister+0x22/0x90 [industrialio] max517probe+0x3d8/0x6b4 [max517] i2cdeviceprobe+0xa81/0xc00 When deviceadd() is injected fault and returns error, if dev->devt is not set, cdevadd() is not called, cdevdel() is not needed. Fix this by checking dev->devt in error path.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.178-1
Affected versions
5.*
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source