CVE-2022-50509
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description
In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for kmalloc As the kmalloc may return NULL pointer, it should be better to check the return value in order to avoid NULL pointer dereference, same as the others.
Analysis
A null pointer dereference vulnerability exists in the Linux kernel's Coda media driver due to missing validation of kmalloc return values. An unprivileged local attacker can trigger a denial of service condition by causing the kernel to dereference a null pointer, resulting in a system crash or hang. The vulnerability affects multiple Linux kernel versions across stable branches, though exploitation likelihood is low (EPSS 0.01%) and patches are readily available from vendors.
Technical Context
The vulnerability resides in the Coda video codec driver (media/coda) within the Linux kernel, a subsystem responsible for hardware video encoding and decoding. The root cause is classified as CWE-476 (Null Pointer Dereference), a memory safety issue in which a pointer returned by an allocation is used without first being validated. Specifically, kmalloc calls lack a NULL check before the returned pointer is dereferenced. The Coda driver is affected across multiple stable kernel branches (as evidenced by eight separate patch commits across kernel versions), and the vulnerability can be triggered by local code running with user-level privileges (PR:L per the CVSS vector), so a standard user account is sufficient and no elevated privileges are required.
Affected Products
The Linux kernel across multiple stable branches is affected, as indicated by the CPE specification matching all Linux kernel versions and confirmed by patch availability in eight separate kernel stable branches (commits dating to various kernel versions including branches for 4.14, 4.19, 5.4, 5.10, 5.15, 5.16, 5.17, and 5.18). The vulnerability is present in the media/coda subsystem regardless of kernel version until patched. Specific stable branch patches are available at https://git.kernel.org/stable/c/ with commit references 0209e70ad496c1fcd85c2ec70e6736fd09f95d14, 11e32126b3e56c3156fb610d793732acd2bdac4f, 441c05485cf1a29eef05c1fd8281716815283315, 6e5e5defdb8b0186312c2f855ace175aee6daf9b, 7a2c66429b04e85fee44d6d9f455327bf23cf49c, aa17a252dbde432095e390e2092205d4debb12e1, ba9cc9e2035f7a45f5222543265daf7cd51f2530, d308c4a035b636756786af91e5f39f9d92d7d42a, and d9b37ea8869e4e6da90c07a310d819a78cbd23d2. All Linux distributions shipping the Coda media driver are potentially affected until applying these patches.
Remediation
Organizations should upgrade the Linux kernel to versions containing the null-pointer-check patches. The patches add defensive kmalloc return value validation in the Coda driver before pointer dereference; users can identify fixed versions by checking kernel changelogs for commits referencing null-pointer checks in media/coda or by consulting their distribution's security advisories (Ubuntu, RHEL, Debian, etc. have published updates). For systems unable to immediately patch, mitigation is limited due to the local-only attack vector; however, restricting local user access via containerization, disabling the Coda driver module if unused (via blacklist or compile-time disable), or limiting code execution capabilities via seccomp or AppArmor profiles can reduce exposure. Prioritize patching for systems actively using hardware video encoding/decoding; other systems face minimal real-world risk given the EPSS 0.01% exploitation probability.
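The blacklist mitigation above only helps when the driver is built as a loadable module. The following added example (not part of the original advisory or of the kernel project's code) classifies a host from its kernel config and module list and prints a modprobe.d fragment. It assumes the Kconfig symbol is CONFIG_VIDEO_CODA and the module appears as coda_vpu in /proc/modules; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example. Assumed names: CONFIG_VIDEO_CODA (Kconfig symbol) and
# coda_vpu (module name as it appears in /proc/modules).

# coda_exposure CONFIG_FILE MODULES_FILE
# CONFIG_FILE:  plain-text kernel config (e.g. /boot/config-<release>)
# MODULES_FILE: text in /proc/modules format
# Prints: builtin | loaded | loadable | absent
coda_exposure() {
    cfg=$1
    mods=$2
    state=$(sed -n 's/^CONFIG_VIDEO_CODA=\([ym]\)$/\1/p' "$cfg" | head -n 1)
    case $state in
        y)  echo builtin ;;      # compiled in: a blacklist has no effect, patch
        m)  if grep -q '^coda_vpu ' "$mods"; then
                echo loaded      # driver is live on this host
            else
                echo loadable    # present on disk, can still be autoloaded
            fi ;;
        *)  echo absent ;;       # "is not set" or symbol missing
    esac
}

# coda_modprobe_conf: print a modprobe.d fragment that blocks the module.
# "blacklist" stops alias-based autoloading; "install ... /bin/false" also
# makes an explicit modprobe of the module fail.
coda_modprobe_conf() {
    printf '%s\n' \
        '# block the Coda VPU driver until a patched kernel is installed' \
        'blacklist coda_vpu' \
        'install coda_vpu /bin/false'
}

# Constructed sample inputs (not taken from a real host) so this runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' 'CONFIG_MEDIA_SUPPORT=y' 'CONFIG_VIDEO_CODA=m' > "$demo_dir/config"
printf '%s\n' 'videobuf2_dma_contig 20480 1 coda_vpu, Live 0x0000000000000000' \
    'coda_vpu 118784 0 - Live 0x0000000000000000' > "$demo_dir/modules"
verdict=$(coda_exposure "$demo_dir/config" "$demo_dir/modules")
echo "coda driver: $verdict"
case $verdict in
    loaded|loadable) coda_modprobe_conf ;;
esac
rm -rf "$demo_dir"
```

On a real host, pass the running kernel's config file and /proc/modules, and place the printed fragment in a file under /etc/modprobe.d/.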