{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50722", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T12:20:40.330Z", "datePublished": "2025-12-24T12:22:44.765Z", "dateUpdated": "2025-12-24T12:22:44.765Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-24T12:22:44.765Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ipu3-imgu: Fix NULL pointer dereference in active selection access\n\nWhat the IMGU driver did was that it first acquired the pointers to active\nand try V4L2 subdev state, and only then figured out which one to use.\n\nThe problem with that approach and a later patch (see Fixes: tag) is that\nas sd_state argument to v4l2_subdev_get_try_crop() et al is NULL, there is\nnow an attempt to dereference that.\n\nFix this.\n\nAlso rewrap lines a little."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/staging/media/ipu3/ipu3-v4l2.c"], "versions": [{"version": "0d346d2a6f54f06f36b224fd27cd6eafe8c83be9", "lessThan": "5265cc1202a31f7097691c3483a0d60d624424a5", "status": "affected", "versionType": "git"}, {"version": "0d346d2a6f54f06f36b224fd27cd6eafe8c83be9", "lessThan": "740717b756c17190dc2d2ad4c6de1e63f214e0c9", "status": "affected", "versionType": "git"}, {"version": "0d346d2a6f54f06f36b224fd27cd6eafe8c83be9", "lessThan": "b9eb3ab6f30bf32f7326909f17949ccb11bab514", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/staging/media/ipu3/ipu3-v4l2.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.76", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.6", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.15.76"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.0.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5265cc1202a31f7097691c3483a0d60d624424a5"}, {"url": "https://git.kernel.org/stable/c/740717b756c17190dc2d2ad4c6de1e63f214e0c9"}, {"url": "https://git.kernel.org/stable/c/b9eb3ab6f30bf32f7326909f17949ccb11bab514"}], "title": "media: ipu3-imgu: Fix NULL pointer dereference in active selection access", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ipu3-imgu: Fix NULL pointer dereference in active selection access\n\nWhat the IMGU driver did was that it first acquired the pointers to active\nand try V4L2 subdev state, and only then figured out which one to use.\n\nThe problem with that approach and a later patch (see Fixes: tag) is that\nas sd_state argument to v4l2_subdev_get_try_crop() et al is NULL, there is\nnow an attempt to dereference that.\n\nFix this.\n\nAlso rewrap lines a little."}], "id": "CVE-2022-50722", "lastModified": "2025-12-24T13:15:58.867", "metrics": {}, "published": "2025-12-24T13:15:58.867", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5265cc1202a31f7097691c3483a0d60d624424a5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/740717b756c17190dc2d2ad4c6de1e63f214e0c9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b9eb3ab6f30bf32f7326909f17949ccb11bab514"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}