VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2022-50733

CVE-2022-50733

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: idmouse: fix an uninit-value in idmouse_open

In idmouse_create_image, if any ftip_command fails, it will go to the reset label. However, this leads to the data in bulk_in_buffer[HEADER..IMGSIZE] uninitialized. And the check for valid image incurs an uninitialized dereference.

Fix this by moving the check before reset label since this check only be valid if the data after bulk_in_buffer[HEADER] has concrete data.

Note that this is found by KMSAN, so only kernel compilation is tested.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An uninit-value vulnerability in the Linux kernel's idmouse driver could cause an uninitialized dereference during image validation if a USB command fails.

In the Linux kernel's usb/idmouse driver, the idmouse_create_image function may jump to a reset label when any ftip_command fails. This error path leaves the data in bulk_in_buffer[HEADER..IMGSIZE] uninitialized. When the subsequent check for a valid image is performed on this uninitialized buffer, it results in a read of uninitialized memory — an uninit-value bug [1].

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

9
b3304a6df957
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
7dad42032f68
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
f589b667567f
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
1eae30c0113d
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
b8bbae3236ab
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
20b8c456df58
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
6163a5ae097b
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
adad163d1cff
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
bce2b0539933
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

9

News mentions

0

No linked articles in our index yet.