{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50452", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-17T14:53:07.011Z", "datePublished": "2025-10-01T11:45:25.394Z", "dateUpdated": "2025-10-01T11:45:25.394Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-01T11:45:25.394Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cake: fix null pointer access issue when cake_init() fails\n\nWhen the default qdisc is cake, if the qdisc of dev_queue fails to be\ninited during mqprio_init(), cake_reset() is invoked to clear\nresources. In this case, the tins is NULL, and it will cause gpf issue.\n\nThe process is as follows:\nqdisc_create_dflt()\n\tcake_init()\n\t\tq->tins = kvcalloc(...) --->failed, q->tins is NULL\n\t...\n\tqdisc_put()\n\t\t...\n\t\tcake_reset()\n\t\t\t...\n\t\t\tcake_dequeue_one()\n\t\t\t\tb = &q->tins[...] --->q->tins is NULL\n\nThe following is the Call Trace information:\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nRIP: 0010:cake_dequeue_one+0xc9/0x3c0\nCall Trace:\n<TASK>\ncake_reset+0xb1/0x140\nqdisc_reset+0xed/0x6f0\nqdisc_destroy+0x82/0x4c0\nqdisc_put+0x9e/0xb0\nqdisc_create_dflt+0x2c3/0x4a0\nmqprio_init+0xa71/0x1760\nqdisc_create+0x3eb/0x1000\ntc_modify_qdisc+0x408/0x1720\nrtnetlink_rcv_msg+0x38e/0xac0\nnetlink_rcv_skb+0x12d/0x3a0\nnetlink_unicast+0x4a2/0x740\nnetlink_sendmsg+0x826/0xcc0\nsock_sendmsg+0xc5/0x100\n____sys_sendmsg+0x583/0x690\n___sys_sendmsg+0xe8/0x160\n__sys_sendmsg+0xbf/0x160\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f89e5122d04\n</TASK>"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sched/sch_cake.c"], "versions": [{"version": "046f6fd5daefac7f5abdafb436b30f63bc7c602b", "lessThan": "86aa1390898146f1de277bb6d2a8ed7fc7a43f12", "status": "affected", "versionType": "git"}, {"version": "046f6fd5daefac7f5abdafb436b30f63bc7c602b", "lessThan": "bc8301ea7e7f1bb9d2ba2fcdf7b5ec2f0792b47e", "status": "affected", "versionType": "git"}, {"version": "046f6fd5daefac7f5abdafb436b30f63bc7c602b", "lessThan": "ae48bee2830bf216800e1447baca39541e27a12e", "status": "affected", "versionType": "git"}, {"version": "046f6fd5daefac7f5abdafb436b30f63bc7c602b", "lessThan": "154f4c06d9dbec1a14e91286c70b6305810302e0", "status": "affected", "versionType": "git"}, {"version": "046f6fd5daefac7f5abdafb436b30f63bc7c602b", "lessThan": "1dc0a019550fd38ec6cab2d73c90df2bd659c96b", "status": "affected", "versionType": "git"}, {"version": "046f6fd5daefac7f5abdafb436b30f63bc7c602b", "lessThan": "51f9a8921ceacd7bf0d3f47fa867a64988ba1dcb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sched/sch_cake.c"], "versions": [{"version": "4.19", "status": "affected"}, {"version": "0", "lessThan": "4.19", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.264", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.221", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.152", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.76", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.6", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "4.19.264"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.4.221"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.10.152"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.15.76"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.0.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/86aa1390898146f1de277bb6d2a8ed7fc7a43f12"}, {"url": "https://git.kernel.org/stable/c/bc8301ea7e7f1bb9d2ba2fcdf7b5ec2f0792b47e"}, {"url": "https://git.kernel.org/stable/c/ae48bee2830bf216800e1447baca39541e27a12e"}, {"url": "https://git.kernel.org/stable/c/154f4c06d9dbec1a14e91286c70b6305810302e0"}, {"url": "https://git.kernel.org/stable/c/1dc0a019550fd38ec6cab2d73c90df2bd659c96b"}, {"url": "https://git.kernel.org/stable/c/51f9a8921ceacd7bf0d3f47fa867a64988ba1dcb"}], "title": "net: sched: cake: fix null pointer access issue when cake_init() fails", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cake: fix null pointer access issue when cake_init() fails\n\nWhen the default qdisc is cake, if the qdisc of dev_queue fails to be\ninited during mqprio_init(), cake_reset() is invoked to clear\nresources. In this case, the tins is NULL, and it will cause gpf issue.\n\nThe process is as follows:\nqdisc_create_dflt()\n\tcake_init()\n\t\tq->tins = kvcalloc(...) --->failed, q->tins is NULL\n\t...\n\tqdisc_put()\n\t\t...\n\t\tcake_reset()\n\t\t\t...\n\t\t\tcake_dequeue_one()\n\t\t\t\tb = &q->tins[...] --->q->tins is NULL\n\nThe following is the Call Trace information:\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nRIP: 0010:cake_dequeue_one+0xc9/0x3c0\nCall Trace:\n<TASK>\ncake_reset+0xb1/0x140\nqdisc_reset+0xed/0x6f0\nqdisc_destroy+0x82/0x4c0\nqdisc_put+0x9e/0xb0\nqdisc_create_dflt+0x2c3/0x4a0\nmqprio_init+0xa71/0x1760\nqdisc_create+0x3eb/0x1000\ntc_modify_qdisc+0x408/0x1720\nrtnetlink_rcv_msg+0x38e/0xac0\nnetlink_rcv_skb+0x12d/0x3a0\nnetlink_unicast+0x4a2/0x740\nnetlink_sendmsg+0x826/0xcc0\nsock_sendmsg+0xc5/0x100\n____sys_sendmsg+0x583/0x690\n___sys_sendmsg+0xe8/0x160\n__sys_sendmsg+0xbf/0x160\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f89e5122d04\n</TASK>"}], "id": "CVE-2022-50452", "lastModified": "2025-10-01T12:15:38.210", "metrics": {}, "published": "2025-10-01T12:15:38.210", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/154f4c06d9dbec1a14e91286c70b6305810302e0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1dc0a019550fd38ec6cab2d73c90df2bd659c96b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/51f9a8921ceacd7bf0d3f47fa867a64988ba1dcb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/86aa1390898146f1de277bb6d2a8ed7fc7a43f12"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ae48bee2830bf216800e1447baca39541e27a12e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bc8301ea7e7f1bb9d2ba2fcdf7b5ec2f0792b47e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}