VYPR
Medium severity5.5NVD Advisory· Published May 1, 2025· Updated Jun 17, 2026

CVE-2022-49805

CVE-2022-49805

Description

In the Linux kernel, the following vulnerability has been resolved:

net: lan966x: Fix potential null-ptr-deref in lan966x_stats_init()

lan966x_stats_init() calls create_singlethread_workqueue() and not checked the ret value, which may return NULL. And a null-ptr-deref may happen:

lan966x_stats_init() create_singlethread_workqueue() # failed, lan966x->stats_queue is NULL queue_delayed_work() queue_delayed_work_on() __queue_delayed_work() # warning here, but continue __queue_work() # access wq->flags, null-ptr-deref

Check the ret value and return -ENOMEM if it is NULL.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.