CVE-2022-50327

MEDIUM

Linux Kernel < 5.4.297 - NULL Pointer Dereference

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could be NULL, which would cause a NULL pointer dereference to occur in acpi_device_hid(). [ rjw: Subject and changelog edits, added empty line after if () ]

References (7)

[Patch] https://git.kernel.org/stable/c/2437513a814b3e93bd02879740a8a06e52e2cf7d

[Patch] https://git.kernel.org/stable/c/2ecd629c788bbfb96be058edade2e934d3763eaf

[Patch] https://git.kernel.org/stable/c/8e8b5f12ee4ab6f5d252c9ca062a4ada9554e6d9

[Patch] https://git.kernel.org/stable/c/ad1190744da9d812da55b76f2afce750afb0a3bd

[Patch] https://git.kernel.org/stable/c/b85f0e292f73f353eea915499604fbf50c8238b4

[Patch] https://git.kernel.org/stable/c/fdee7a0acc566c4194d40a501b8a1584e86cc208

[Third Party Advisory] https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 5.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-476

Status published

Affected Products (2)

linux/linux_kernel < 5.4.297

debian/debian_linux

Timeline

Published Sep 15, 2025

Tracked Since Feb 18, 2026