PT-2025-18522 · Linux · Linux Kernel

Published: 2025-05-01 · Updated: 2025-05-02 · CVE-2022-49805

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A potential null pointer dereference has been identified in the Linux kernel, in the lan966x_stats_init() function. This function calls create_singlethread_workqueue() without checking the return value, which may be NULL. If create_singlethread_workqueue() fails, lan966x->stats_queue will be NULL, leading to a null pointer dereference when queue_work() accesses wq->flags. The root cause is the failure to verify the return value of create_singlethread_workqueue() and handle the error.

Recommendations: To resolve this issue, check the return value of create_singlethread_workqueue() in the lan966x_stats_init() function and return -ENOMEM if it is NULL. This prevents the null pointer dereference and keeps the system stable.
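
The unchecked and checked init paths described above, as an added example that is not from this page or the kernel source: a userspace C model in which model_create_wq() and model_queue_work() are hypothetical stand-ins for create_singlethread_workqueue() and queue_work(), and fail_alloc is an assumed fault-injection switch.

```c
/* Userspace model constructed for illustration; not kernel source. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct workqueue { unsigned int flags; int pending; };   /* stand-in for workqueue_struct */
struct lan966x_model { struct workqueue *stats_queue; }; /* stand-in for struct lan966x */

static int fail_alloc; /* assumed fault injection: 1 makes workqueue creation fail */

/* Stand-in for create_singlethread_workqueue(): NULL on failure. */
static struct workqueue *model_create_wq(void)
{
    return fail_alloc ? NULL : calloc(1, sizeof(struct workqueue));
}

/* Stand-in for queue_work(): reads wq->flags, so a NULL wq faults here. */
static int model_queue_work(struct workqueue *wq)
{
    if (wq->flags & 1u)
        return 0;
    wq->pending++;
    return 1;
}

/* Before: return value never checked, NULL would reach model_queue_work(). */
static int stats_init_unchecked(struct lan966x_model *l)
{
    l->stats_queue = model_create_wq();
    model_queue_work(l->stats_queue);
    return 0;
}

/* After: init fails with -ENOMEM, so nothing is queued on a NULL workqueue. */
static int stats_init_checked(struct lan966x_model *l)
{
    l->stats_queue = model_create_wq();
    if (!l->stats_queue)
        return -ENOMEM;
    model_queue_work(l->stats_queue);
    return 0;
}

int main(void)
{
    struct lan966x_model ok = { 0 }, bad = { 0 };
    printf("unchecked, creation succeeds: %d\n", stats_init_unchecked(&ok));
    fail_alloc = 1;
    printf("checked, creation fails: %d\n", stats_init_checked(&bad));
    free(ok.stats_queue);
    return 0;
}
```

Calling stats_init_unchecked() with fail_alloc set to 1 crashes the process with a segmentation fault, which is the userspace analogue of the kernel oops the description refers to.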

Weakness Enumeration: NULL Pointer Dereference

Related Identifiers: CVE-2022-49805

Affected Products: Astra Linux, Linux Kernel