CVE-2022-49974

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49974
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49974.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49974
Downstream
Published
2025-06-18T11:15:24Z
Modified
2025-08-09T20:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: nintendo: fix rumble worker null pointer deref

We can dereference a null pointer trying to queue work to a destroyed workqueue.

If the device is disconnected, nintendohidremove is called, in which the rumblequeue is destroyed. Avoid using that queue to defer rumble work once the controller state is set to JOYCONCTLRSTATEREMOVED.

This eliminates the null pointer dereference.

References

Affected packages