CVE-2022-49974

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49974

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49974.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49974

Downstream

DEBIAN-CVE-2022-49974

RHSA-2023:2458

UBUNTU-CVE-2022-49974

Published

2025-06-18T11:15:24Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

HID: nintendo: fix rumble worker null pointer deref

We can dereference a null pointer trying to queue work to a destroyed workqueue.

If the device is disconnected, nintendohidremove is called, in which the rumblequeue is destroyed. Avoid using that queue to defer rumble work once the controller state is set to JOYCONCTLRSTATEREMOVED.

This eliminates the null pointer dereference.

References

Affected packages