Unrated severityNVD Advisory· Published Jun 18, 2025· Updated Jun 19, 2025

HID: nintendo: fix rumble worker null pointer deref

CVE-2022-49974

Description

In the Linux kernel, the following vulnerability has been resolved:

We can dereference a null pointer trying to queue work to a destroyed workqueue.

If the device is disconnected, nintendo_hid_remove is called, in which the rumble_queue is destroyed. Avoid using that queue to defer rumble work once the controller state is set to JOYCON_CTLR_STATE_REMOVED.

This eliminates the null pointer dereference.

Affected products

Linux/HID nintendollm-create
Linux/Linuxv5
Range: 5.16

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/stable/c/1ff89e06c2e5fab30274e4b02360d4241d6e605emitre
git.kernel.org/stable/c/7c6e6c334154be16740b44dcd7638fb510b9bd91mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000