CVE-2022-50524
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description
In the Linux kernel, the following vulnerability has been resolved:

iommu/mediatek: Check return value after calling platform_get_resource()

platform_get_resource() may return a NULL pointer; we need to check its return value to avoid a null-ptr-deref in resource_size().
Analysis
A null pointer dereference vulnerability exists in the Linux kernel's MediaTek IOMMU driver: the driver does not validate the return value of platform_get_resource(), which may be a NULL pointer, and the kernel crashes when resource_size() attempts to dereference it. This affects all versions of the Linux kernel with the vulnerable MediaTek IOMMU code. A local attacker with low privileges can trigger a denial of service by causing a kernel panic, though the vulnerability is unlikely to be actively exploited in the wild given the low EPSS score of 0.01%.
Technical Context
The vulnerability exists in the MediaTek IOMMU (Input/Output Memory Management Unit) driver subsystem within the Linux kernel (cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*). The root cause is classified as CWE-476: Null Pointer Dereference, a common memory safety issue where the code fails to check if a pointer allocation or resource acquisition succeeded before dereferencing it. The platform_get_resource() function is a Linux kernel API that retrieves platform device resources (memory, interrupts, etc.) and can legitimately return NULL if the resource does not exist or is unavailable. The vulnerable code passes this potentially-NULL pointer directly to resource_size() without validation, triggering a kernel oops when NULL is dereferenced.
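The pattern described above, as an added userspace model (not the kernel driver's code and not the upstream patch), with the unchecked probe beside a checked one. The struct layouts, the lookup logic, the sample devices and the -EINVAL return value are simplified assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel types and helpers (simplified). */
enum { IORESOURCE_MEM = 0x200, IORESOURCE_IRQ = 0x400 };
struct resource { unsigned long long start, end; unsigned long flags; };
struct platform_device { unsigned int num_resources; const struct resource *resource; };

static unsigned long long resource_size(const struct resource *res)
{
    return res->end - res->start + 1; /* dereferences res unconditionally */
}

/* Model of the lookup: the num-th resource of the given type, or NULL. */
static const struct resource *platform_get_resource(
    const struct platform_device *pdev, unsigned long type, unsigned int num)
{
    for (unsigned int i = 0; i < pdev->num_resources; i++)
        if ((pdev->resource[i].flags & type) && num-- == 0)
            return &pdev->resource[i];
    return NULL;
}

/* Pattern described above: no check, so a NULL result faults in resource_size(). */
int probe_unchecked(const struct platform_device *pdev, unsigned long long *size)
{
    *size = resource_size(platform_get_resource(pdev, IORESOURCE_MEM, 0));
    return 0;
}

/* Hardened pattern: fail the probe before resource_size() can see NULL. */
int probe_checked(const struct platform_device *pdev, unsigned long long *size)
{
    const struct resource *res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
    if (!res)
        return -EINVAL; /* error code chosen for this example (assumption) */
    *size = resource_size(res);
    return 0;
}

/* Constructed sample devices: one with an MMIO window, one with only an IRQ. */
static const struct resource mmio = { 0x10205000ULL, 0x10205fffULL, IORESOURCE_MEM }, irq = { 139, 139, IORESOURCE_IRQ };
static const struct platform_device good_dev = { 1, &mmio }, bad_dev = { 1, &irq };

int main(void)
{
    unsigned long long size = 0;
    printf("no MMIO resource: probe returns %d\n", probe_checked(&bad_dev, &size));
    return 0;
}
```

Calling probe_unchecked() on the device without a memory resource would dereference NULL, which is why main() only exercises the checked path on it.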
Affected Products
All versions of the Linux kernel containing the vulnerable MediaTek IOMMU driver code are affected, as indicated by CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*. The vulnerability specifically targets systems with MediaTek IOMMU hardware support compiled into the kernel. The affected code exists in the iommu/mediatek.c driver file. Patches are available from the Linux kernel stable trees and can be referenced via kernel.org commit hashes 73b6924cdebc899de9b719e1319aa86c6bed4acf, bfebf05883cdcf9ac983033987fae869bd59ca53, and feca904412483b2e0a903dd1f2e2843afd445f8c.
Remediation
Update the Linux kernel to a version incorporating the fix by applying one of the three available patches from kernel.org (commit hashes: 73b6924cdebc899de9b719e1319aa86c6bed4acf, bfebf05883cdcf9ac983033987fae869bd59ca53, or feca904412483b2e0a903dd1f2e2843afd445f8c). Most Linux distributions will automatically include this fix in their next kernel update cycle. For systems unable to immediately patch, the practical risk is minimal given the low EPSS score and requirement for specific hardware misconfiguration to trigger the bug. Ensure MediaTek IOMMU hardware is properly initialized and configured during system boot to avoid NULL resource conditions.