U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2022-50282 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdev_device_add() While doing fault injection test, I got the following report: ------------[ cut here ]------------ kobject: '(null)' (0000000039956980): is not initialized, yet kobject_put() is being called. WARNING: CPU: 3 PID: 6306 at kobject_put+0x23d/0x4e0 CPU: 3 PID: 6306 Comm: 283 Tainted: G W 6.1.0-rc2-00005-g307c1086d7c9 #1253 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:kobject_put+0x23d/0x4e0 Call Trace: <TASK> cdev_device_add+0x15e/0x1b0 __iio_device_register+0x13b4/0x1af0 [industrialio] __devm_iio_device_register+0x22/0x90 [industrialio] max517_probe+0x3d8/0x6b4 [max517] i2c_device_probe+0xa81/0xc00 When device_add() is injected fault and returns error, if dev->devt is not set, cdev_add() is not called, cdev_del() is not needed. Fix this by checking dev->devt in error path.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/11fa7fefe3d8fac7da56bc9aa3dd5fb3081ca797 kernel.org Patch 
https://git.kernel.org/stable/c/28dc61cc49c6e995121c6d86bef4b73df78dda80 kernel.org Patch 
https://git.kernel.org/stable/c/34d17b39bceef25e4cf9805cd59250ae05d0a139 kernel.org Patch 
https://git.kernel.org/stable/c/5d2146889fad4cb9e6c13e790d4cfd871486eca8 kernel.org Patch 
https://git.kernel.org/stable/c/6acf8597c5b04f455ee0649e11e5f3bcd28f381e kernel.org Patch 
https://git.kernel.org/stable/c/85a5660491b507d33662b8e81c142e6041e642eb kernel.org Patch 
https://git.kernel.org/stable/c/b5de1eac71fec1af7723f1083d23a24789fd795c kernel.org Patch 
https://git.kernel.org/stable/c/c46db6088bccff5115674d583fef46ede80077a2 kernel.org Patch 
https://git.kernel.org/stable/c/d85b5247a79355b8432bfd9ac871f96117f750d4 kernel.org Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-908 Use of Uninitialized Resource cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2022-50282
NVD Published Date:
09/15/2025
NVD Last Modified:
12/04/2025
Source:
kernel.org