CVE-2022-50364 in Linux
Summary
by MITRE • 09/17/2025
In the Linux kernel, the following vulnerability has been resolved:
i2c: mux: reg: check return value after calling platform_get_resource()
It will cause null-ptr-deref in resource_size(), if platform_get_resource() returns NULL, move calling resource_size() after devm_ioremap_resource() that will check 'res' to avoid null-ptr-deref. And use devm_platform_get_and_ioremap_resource() to simplify code.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 12/27/2025
This vulnerability exists within the Linux kernel's i2c multiplexer subsystem, specifically in the reg.c file where device resource management is handled. The issue stems from improper error handling during platform resource acquisition, creating a potential null pointer dereference condition that could lead to system instability or denial of service. The vulnerability affects systems utilizing i2c multiplexer drivers that rely on platform resource management for hardware address mapping and configuration.
The technical flaw occurs when the platform_get_resource() function returns NULL, indicating that a required hardware resource cannot be acquired from the device tree or platform description. In the vulnerable code path, the resource_size() function is called immediately after platform_get_resource() without proper validation of the returned pointer. This sequence creates a scenario where resource_size() receives a NULL argument, leading to a kernel panic or system crash when attempting to dereference the null pointer during memory mapping operations.
The operational impact of this vulnerability extends beyond simple system crashes to potentially enable privilege escalation or denial of service attacks in environments where i2c multiplexer drivers are actively used. Systems running kernel versions containing this flaw may experience unexpected termination of critical device drivers, particularly in embedded systems or server environments where i2c buses are used for hardware monitoring, sensor data collection, or device configuration. The vulnerability is particularly concerning in automotive or industrial control systems where reliable hardware interface management is critical for system operation.
The fix implements proper error handling by reordering the resource management operations and utilizing the newer devm_platform_get_and_ioremap_resource() function. This approach ensures that resource validation occurs before attempting to perform memory mapping operations, preventing the null pointer dereference condition. The solution aligns with common security practices for resource management in kernel space and follows the principle of defensive programming by validating all pointer return values before dereferencing them. This remediation addresses the underlying CWE-476 weakness related to null pointer dereference and helps prevent potential exploitation through the ATT&CK technique of privilege escalation via kernel vulnerabilities.
The implementation of this fix demonstrates proper kernel development practices for device driver resource management, where the devm_* family of functions provide automatic cleanup and error handling. The recommended approach ensures that all resource acquisition operations are properly validated and that memory mapping occurs only after successful resource identification. This vulnerability highlights the importance of thorough error handling in kernel space code, where improper resource management can lead to system-wide failures and security implications. The fix also reduces code complexity by consolidating multiple operations into a single function call that handles both resource acquisition and memory mapping with appropriate error checking.