CVE-2022-50282
Published: Sep 15, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdev_device_add() While doing fault injection test, I got the following report: ------------[ cut here ]------------ kobject: '(null)' (0000000039956980): is not initialized, yet kobject_put() is being called. WARNING: CPU: 3 PID: 6306 at kobject_put+0x23d/0x4e0 CPU: 3 PID: 6306 Comm: 283 Tainted: G W 6.1.0-rc2-00005-g307c1086d7c9 #1253 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:kobject_put+0x23d/0x4e0 Call Trace: <TASK> cdev_device_add+0x15e/0x1b0 __iio_device_register+0x13b4/0x1af0 [industrialio] __devm_iio_device_register+0x22/0x90 [industrialio] max517_probe+0x3d8/0x6b4 [max517] i2c_device_probe+0xa81/0xc00 When device_add() is injected fault and returns error, if dev->devt is not set, cdev_add() is not called, cdev_del() is not needed. Fix this by checking dev->devt in error path.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected da97a80a657d1b1b50ef633e8ff5dbf0d417fc8d - < 5d2146889fad4cb9e6c13e790d4cfd871486eca8affected 233ed09d7fdacf592ee91e6c97ce5f4364fbe7c0 - < 6acf8597c5b04f455ee0649e11e5f3bcd28f381eaffected 233ed09d7fdacf592ee91e6c97ce5f4364fbe7c0 - < 34d17b39bceef25e4cf9805cd59250ae05d0a139affected 233ed09d7fdacf592ee91e6c97ce5f4364fbe7c0 - < d85b5247a79355b8432bfd9ac871f96117f750d4affected 233ed09d7fdacf592ee91e6c97ce5f4364fbe7c0 - < c46db6088bccff5115674d583fef46ede80077a2+9 more versions |
Linux | Linux | affected 4.12unaffected 0 - < 4.12unaffected 4.9.337 - <= 4.9.*unaffected 4.14.303 - <= 4.14.*unaffected 4.19.270 - <= 4.19.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now