CVE-2022-50359 in Linux
Summary
by MITRE • 09/17/2025
In the Linux kernel, the following vulnerability has been resolved:
media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
When the driver calls cx88_risc_buffer() to prepare the buffer, the function call may fail, resulting in a empty buffer and null-ptr-deref later in buffer_queue().
The following log can reveal it:
[ 41.822762] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI
[ 41.824488] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 41.828027] RIP: 0010:buffer_queue+0xc2/0x500
[ 41.836311] Call Trace:
[ 41.836945] __enqueue_in_driver+0x141/0x360
[ 41.837262] vb2_start_streaming+0x62/0x4a0
[ 41.838216] vb2_core_streamon+0x1da/0x2c0
[ 41.838516] __vb2_init_fileio+0x981/0xbc0
[ 41.839141] __vb2_perform_fileio+0xbf9/0x1120
[ 41.840072] vb2_fop_read+0x20e/0x400
[ 41.840346] v4l2_read+0x215/0x290
[ 41.840603] vfs_read+0x162/0x4c0
Fix this by checking the return value of cx88_risc_buffer()
[hverkuil: fix coding style issues]
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 12/27/2025
The vulnerability CVE-2022-50359 represents a critical null pointer dereference flaw within the Linux kernel's cx88 media driver, specifically affecting the buffer preparation mechanism. This issue manifests in the media: cx88 subsystem where the driver invokes cx88_risc_buffer() function to prepare video buffers for processing. The flaw occurs when this function call fails, resulting in an empty buffer allocation that subsequently triggers a null pointer dereference during the buffer_queue() operation. The vulnerability is particularly concerning as it operates within the kernel space, potentially allowing for privilege escalation or system instability.
The technical implementation of this vulnerability stems from inadequate error handling within the driver's buffer management workflow. When cx88_risc_buffer() fails to allocate or prepare the required buffer structures, it returns a null value without proper validation. This null return value propagates through the call stack to buffer_queue() function where the code attempts to dereference the null pointer, leading to a general protection fault. The kernel's memory management system detects this invalid memory access and generates a KASAN (Kernel Address Sanitizer) report indicating the null pointer dereference at the specific memory address range 0x0000000000000000-0x0000000000000007. The call trace demonstrates the execution path from vb2_fop_read through vb2_core_streamon to the final buffer_queue() function where the crash occurs, following the standard V4L2 (Video for Linux 2) media framework operations.
The operational impact of CVE-2022-50359 extends beyond simple system crashes, potentially enabling attackers to exploit this vulnerability for privilege escalation or denial of service conditions within the kernel space. This flaw affects systems utilizing the cx88 media driver, commonly found in television and video capture hardware devices, making it relevant to a broad range of embedded systems and consumer electronics. The vulnerability aligns with CWE-476, which specifically addresses null pointer dereference conditions in software systems. The attack surface is particularly significant for systems where media streaming or video capture operations are performed, as these operations trigger the vulnerable code path through the V4L2 framework.
Mitigation strategies for this vulnerability primarily involve applying the official kernel patch that introduces proper return value validation for the cx88_risc_buffer() function. The fix requires checking the return value of cx88_risc_buffer() before proceeding with buffer operations, ensuring that null results are handled gracefully rather than allowing them to propagate to the buffer_queue() function. This approach follows established security practices for kernel development and aligns with ATT&CK technique T1068, which covers local privilege escalation through kernel vulnerabilities. System administrators should prioritize applying the patched kernel version to all affected systems, particularly those running embedded media processing applications or devices utilizing cx88 hardware components. Additionally, monitoring systems for KASAN reports and general protection faults can help identify potential exploitation attempts or system instability related to this vulnerability. The fix demonstrates proper defensive programming practices that prevent null pointer dereferences, which is a fundamental security principle in kernel development and aligns with the principle of least privilege and secure coding standards.