CVE-2022-49962

MEDIUM

Linux Kernel 5.19-5.19.7 - Null Pointer Dereference in xHCI Roothub Removal

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference in remove if xHC has only one roothub The remove path in xhci platform driver tries to remove and put both main and shared hcds even if only a main hcd exists (one roothub) This causes a null pointer dereference in reboot for those controllers. Check that the shared_hcd exists before trying to remove it.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/7081b2f34ff291ada012bd6abacaf7d51c4cf73f

Patch

https://git.kernel.org/stable/c/4a593a62a9e3a25ab4bc37f612e4edec144f7f43

Scores

CVSS v3 5.5

EPSS 0.0018

EPSS Percentile 7.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (9)

linux/Kernel 5.19.0 - 5.19.8linux

Linux/Linux < 5.19

Linux/Linux 5.19

Linux/Linux 5.19.8 - 5.19.*

Linux/Linux 6.0

Linux/Linux e0fe986972f5b6b12086c73569206dd29c520be9 - 4a593a62a9e3a25ab4bc37f612e4edec144f7f43

Linux/Linux e0fe986972f5b6b12086c73569206dd29c520be9 - 7081b2f34ff291ada012bd6abacaf7d51c4cf73f

linux/linux_kernel 6.0 rc1 (3 CPE variants)

linux/linux_kernel 5.19 - 5.19.8

Published Jun 18, 2025

Tracked Since Feb 18, 2026