CVE-2022-49944

MEDIUM

Linux Kernel 5.19-5.19.7 - NULL Pointer Dereference in USB Type-C UCSI Connector Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: Revert "usb: typec: ucsi: add a common function ucsi_unregister_connectors()" The recent commit 87d0e2f41b8c ("usb: typec: ucsi: add a common function ucsi_unregister_connectors()") introduced a regression that caused NULL dereference at reading the power supply sysfs. It's a stale sysfs entry that should have been removed but remains with NULL ops. The commit changed the error handling to skip the entries after a NULL con->wq, and this leaves the power device unreleased. For addressing the regression, the straight revert is applied here. Further code improvements can be done from the scratch again.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/3d4044c9e6d2e3f11f1f8b5e0ee8647d3eb1afad

Patch

https://git.kernel.org/stable/c/5f73aa2cf8bef4a39baa1591c3144ede4788826e

Scores

CVSS v3 5.5

EPSS 0.0018

EPSS Percentile 7.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (9)

linux/Kernel 5.19.0 - 5.19.8linux

Linux/Linux < 5.19

Linux/Linux 5.19

Linux/Linux 5.19.8 - 5.19.*

Linux/Linux 6.0

Linux/Linux 87d0e2f41b8cc2018499be4e8003fa8c09b6f2fb - 3d4044c9e6d2e3f11f1f8b5e0ee8647d3eb1afad

Linux/Linux 87d0e2f41b8cc2018499be4e8003fa8c09b6f2fb - 5f73aa2cf8bef4a39baa1591c3144ede4788826e

linux/linux_kernel 6.0 rc1 (3 CPE variants)

linux/linux_kernel 5.19 - 5.19.8

Published Jun 18, 2025

Tracked Since Feb 18, 2026