CVE-2022-50276 – This CVE describes a NULL pointer dereference v... (How to Fix)

Q: What is the severity of CVE-2022-50276?

CVE-2022-50276 has a CVSS score of 5.5 (MEDIUM). This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's power supply subsystem. When the system fails to allocate memory for a property name string, subsequent code attempts to compare this NULL pointer, causing a kernel panic or system crash. This affects all Linux systems using the vulnerable kernel version with power management features enabled.

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's power supply subsystem. When the system fails to allocate memory for a property name string, subsequent code attempts to compare this NULL pointer, causing a kernel panic or system crash. This affects all Linux systems using the vulnerable kernel version with power management features enabled.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not explicitly stated in CVE description, but patches are available in stable kernel trees

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires power management subsystem to be active and memory allocation to fail at specific point

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

System crash or kernel panic when specific power management operations are performed under memory pressure conditions.

🟢

If Mitigated

Minor performance impact from additional memory allocation checks with no security impact when patched.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger specific power management operations.

🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the crash, affecting system availability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to trigger specific power management operations and memory pressure conditions

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in stable kernel versions referenced in CVE links

Vendor Advisory: https://git.kernel.org/stable/c/104bb8a663451404a26331263ce5b96c34504049

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from official distribution repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Memory pressure reduction

all

Reduce likelihood of memory allocation failure by ensuring adequate system memory

echo 3 > /proc/sys/vm/drop_caches
sysctl -w vm.min_free_kbytes=65536

🧯 If You Can't Patch

Monitor system memory usage and ensure adequate free memory
Restrict non-essential power management operations if possible

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions in CVE references

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version matches or exceeds patched version from stable kernel trees

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages in /var/log/kern.log or dmesg
NULL pointer dereference errors in kernel logs

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("NULL pointer" OR "kernel panic" OR "power_supply_get_battery_info")

📊 Metadata

CVE ID: CVE-2022-50276

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.01% exploit probability (2.3th percentile)

Published: September 15, 2025

Last Updated: December 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50276, you might also want to check these: