VYPR
Unrated severity · NVD Advisory · Published Dec 9, 2025 · Updated Apr 15, 2026

CVE-2022-50634


Description

In the Linux kernel, the following vulnerability has been resolved:

power: supply: cw2015: Fix potential null-ptr-deref in cw_bat_probe()

cw_bat_probe() calls create_singlethread_workqueue() but does not check its return value, which may be NULL. A null-ptr-deref may then happen:

    cw_bat_probe()
      create_singlethread_workqueue()  # failed, cw_bat->wq is NULL
      queue_delayed_work()
        queue_delayed_work_on()
          __queue_delayed_work()       # warning here, but continue
            __queue_work()             # access wq->flags, null-ptr-deref

Check the ret value and return -ENOMEM if it is NULL.
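The failure path in the call chain above, as an added example that is not taken from the kernel source or from this advisory: a userspace model with fault injection that compares a probe without the check against one with it. All names (`wq_model`, `bat_model`, `model_create_wq`, `model_queue_work`, `probe_unchecked`, `probe_checked`, `fail_wq_alloc`) are hypothetical stand-ins, and the model records the NULL read instead of crashing.

```c
/* Constructed userspace model of the cw_bat_probe() failure path; not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
struct wq_model { unsigned int flags; };  /* stand-in for struct workqueue_struct */
/* queued: work items queued; null_deref: reads of wq->flags through NULL */
struct bat_model { struct wq_model *wq; int queued; int null_deref; };
static bool fail_wq_alloc;                /* fault-injection switch */
/* Models create_singlethread_workqueue(): NULL when allocation fails. */
static struct wq_model *model_create_wq(void)
{
    return fail_wq_alloc ? NULL : calloc(1, sizeof(struct wq_model));
}

/* Models queue_delayed_work() -> __queue_work(); records the NULL read instead of oopsing. */
static void model_queue_work(struct bat_model *bat)
{
    if (!bat->wq) { bat->null_deref++; return; }
    bat->queued++;
}

/* Probe as described before the fix: the return value is not checked. */
static int probe_unchecked(struct bat_model *bat)
{
    bat->wq = model_create_wq();
    model_queue_work(bat);
    return 0;
}

/* Probe with the fix: return -ENOMEM before any work is queued. */
static int probe_checked(struct bat_model *bat)
{
    bat->wq = model_create_wq();
    if (!bat->wq)
        return -ENOMEM;
    model_queue_work(bat);
    return 0;
}

int main(void)
{
    struct bat_model before = {0}, after = {0};
    fail_wq_alloc = true;  /* simulate allocation failure */
    int r1 = probe_unchecked(&before), r2 = probe_checked(&after);
    printf("unchecked: ret=%d null_deref=%d\n", r1, before.null_deref);
    printf("checked:   ret=%d null_deref=%d\n", r2, after.null_deref);
    return 0;
}
```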

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Null-pointer dereference in Linux kernel's cw2015 power supply driver due to unchecked workqueue creation, leading to potential crash.

Vulnerability

Overview

In the Linux kernel, the cw2015 power supply driver suffers from a null-pointer dereference vulnerability in the cw_bat_probe() function. The function calls create_singlethread_workqueue() to allocate a workqueue, but does not check its return value. If the allocation fails (e.g., due to memory pressure), the function continues to use the NULL pointer cw_bat->wq in subsequent workqueue operations, such as queue_delayed_work(), which ultimately leads to a null-pointer dereference when accessing wq->flags in __queue_work().

Exploitation

Prerequisites

Exploitation requires the ability to trigger the probe of a cw2015 device. This can occur when the corresponding hardware is present and the driver is loaded, or when a malicious device is introduced (e.g., via USB or other hot-plug interfaces). No authentication is explicitly required; the attack may be initiated by a local user who can cause the driver to bind to a device. The vulnerability can be triggered without any special privileges beyond the ability to cause device enumeration.

Impact

A successful null-pointer dereference results in a kernel crash, causing a denial of service (DoS). Given that the crash occurs in kernel context, it may also lead to system instability or, in some configurations, privilege escalation if an attacker can control the kernel memory layout. However, the primary impact as described is a denial of service.

Mitigation

The fix, committed to the Linux kernel stable tree [1], adds a check on the return value of create_singlethread_workqueue(). If it returns NULL, the function now returns -ENOMEM and cleans up allocated resources, preventing the null-pointer dereference. Users should apply the latest kernel updates to protect against this vulnerability.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Linux/Kernel (inferred, 2 versions)
