Linux Kernel up to 6.0.15/6.1.1 regmap-irq num_config_regs null pointer dereference

Summaryinfo

A vulnerability classified as critical has been found in Linux Kernel up to 6.0.15/6.1.1. Affected by this vulnerability is the function num_config_regs of the component regmap-irq. Performing a manipulation results in null pointer dereference. This vulnerability is reported as CVE-2022-50558. No exploit exists. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in Linux Kernel up to 6.0.15/6.1.1. It has been classified as critical. This affects the function num_config_regs of the component regmap-irq. The manipulation with an unknown input leads to a null pointer dereference vulnerability. CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. This is going to have an impact on availability. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode Commit faa87ce9196d ("regmap-irq: Introduce config registers for irq types") added the num_config_regs, then commit 9edd4f5aee84 ("regmap-irq: Deprecate type registers and virtual registers") suggested to replace num_type_reg with it. However, regmap_add_irq_chip_fwnode wasn't modified to use the new property. Later on, commit 255a03bb1bb3 ("ASoC: wcd9335: Convert irq chip to config regs") removed the old num_type_reg property from the WCD9335 driver's struct regmap_irq_chip, causing a null pointer dereference in regmap_irq_set_type when it tried to index d->type_buf as it was never allocated in regmap_add_irq_chip_fwnode: [ 39.199374] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 39.200006] Call trace: [ 39.200014] regmap_irq_set_type+0x84/0x1c0 [ 39.200026] __irq_set_trigger+0x60/0x1c0 [ 39.200040] __setup_irq+0x2f4/0x78c [ 39.200051] request_threaded_irq+0xe8/0x1a0 Use num_config_regs in regmap_add_irq_chip_fwnode instead of num_type_reg, and fall back to it if num_config_regs isn't defined to maintain backward compatibility.

It is possible to read the advisory at git.kernel.org. This vulnerability is uniquely identified as CVE-2022-50558 since 10/22/2025. The exploitability is told to be difficult. Technical details of the vulnerability are known, but there is no available exploit.

Upgrading to version 6.0.16 or 6.1.2 eliminates this vulnerability. Applying the patch 57bb34330c0fc70bb4ab96399a3c1b80e73e9d49/961db32e52f4d34a9a95939a30393fd190397f84/84498d1fb35de6ab71bdfdb6270a464fb4a0951b is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-2394). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Affected

• Red Hat Enterprise Linux
• SUSE Linux
• Oracle Linux
• Open Source Linux Kernel
• Dell NetWorker

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.0.0
• 6.0.1
• 6.0.2
• 6.0.3
• 6.0.4
• 6.0.5
• 6.0.6
• 6.0.7
• 6.0.8
• 6.0.9
• 6.0.10
• 6.0.11
• 6.0.12
• 6.0.13
• 6.0.14
• 6.0.15
• 6.1.0
• 6.1.1

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion