CVE-2022-50361

MEDIUM

Linux Kernel 5.17-6.1.15, 6.2.0-6.2.2, 6.3 - NULL Pointer Dereference in wilc1000 Network Device Initialization

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init() Fault injection test reports this issue: kernel BUG at net/core/dev.c:10731! invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI Call Trace: <TASK> wilc_netdev_ifc_init+0x19f/0x220 [wilc1000 884bf126e9e98af6a708f266a8dffd53f99e4bf5] wilc_cfg80211_init+0x30c/0x380 [wilc1000 884bf126e9e98af6a708f266a8dffd53f99e4bf5] wilc_bus_probe+0xad/0x2b0 [wilc1000_spi 1520a7539b6589cc6cde2ae826a523a33f8bacff] spi_probe+0xe4/0x140 really_probe+0x17e/0x3f0 __driver_probe_device+0xe3/0x170 driver_probe_device+0x49/0x120 The root case here is alloc_ordered_workqueue() fails, but cfg80211_unregister_netdevice() or unregister_netdev() not be called in error handling path. To fix add unregister_netdev goto lable to add the unregister operation in error handling path.

References (3)

Core 3

Scores

CVSS v3 5.5
EPSS 0.0021
EPSS Percentile 10.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (11)
linux/Kernel 5.17.0 - 6.1.16linux
linux/Kernel 6.2.0 - 6.2.3linux
Linux/Linux < 5.17
Linux/Linux 09ed8bfc5215ad5aac91c50008277b5586b9ef24 - 2b88974ecb358990e1c33fabcd0b9e142bab7f21
Linux/Linux 09ed8bfc5215ad5aac91c50008277b5586b9ef24 - 6da6ce086221803ed6c3b1db11096cecd3e58ec8
Linux/Linux 09ed8bfc5215ad5aac91c50008277b5586b9ef24 - a1bdecedc7ad0512365267cd1a26bfc2ae455c59
Linux/Linux 5.17
Linux/Linux 6.1.16 - 6.1.*
Linux/Linux 6.2.3 - 6.2.*
Linux/Linux 6.3
... and 1 more
Published Sep 17, 2025
Tracked Since Feb 18, 2026