CVE-2022-50481

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50481
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50481.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50481
Downstream
Related
Published
2025-10-04T15:16:40.374Z
Modified
2026-04-02T08:28:32.941137Z
Summary
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
Details

In the Linux kernel, the following vulnerability has been resolved:

cxl: fix possible null-ptr-deref in cxlguestinit_afu|adapter()

If deviceregister() fails in cxlregisterafu|adapter(), the device is not added, deviceunregister() can not be called in the error path, otherwise it will cause a null-ptr-deref because of removing not added device.

As comment of deviceregister() says, it should use putdevice() to give up the reference in the error path. So split deviceunregister() into devicedel() and put_device(), then goes to put dev when register fails.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50481.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
14baf4d9c739e6e69150512d2eb23c71fffcc192
Fixed
96fba6fb95bdede80583c262ac185da09661f264
Fixed
1ae581696b7a799afa39a664c4b721569643f58a
Fixed
d775a1da5a52b4f4bb02f2707ba420d1bec48dbb
Fixed
60b2ed21a65f3f5318666ccd765c3507991370cf
Fixed
170e8c2d2b61e15e7f7cfeded81bc1e959a15ed8
Fixed
e5021bbf11b024cc65ea1e84c377df484183be4b
Fixed
b32559ee4e6667c5c3daf4ec5454c277d1f255d2
Fixed
ab44c182353be101c3be9465e1d15d42130c53c4
Fixed
61c80d1c3833e196256fb060382db94f24d3d9a7

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50481.json"