CVE-2022-50133

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-rc7-00043-gfd8619f4fd54

Description A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the xhci plat remove function. This issue can cause a kernel crash when the xhci->shared hcd is NULL. The problem arises after a specific commit, which omits the shared HCD if either root hub has no ports. Technical details about the issue include the function names usb remove hcd() and xhci plat remove(), and the xhci->shared hcd variable. The issue can lead to a kernel crash, as evidenced by the provided Oops message, which includes details such as the CPU state and the call trace.

Recommendations For Linux kernel versions prior to 5.19.0-rc7-00043-gfd8619f4fd54, update to a newer version that includes the fix for the NULL pointer dereference issue in the xhci plat remove function. As a temporary workaround, consider disabling the xhci plat remove() function until a patch is available. Restrict access to the vulnerable xhci->shared hcd variable to minimize the risk of exploitation. Avoid using the usb remove hcd() function in conjunction with the xhci plat remove() function until the issue is resolved.