PT-2025-40126 · Linux+2 · Linux Kernel+2
Published
2022-12-28
·
Updated
2025-10-23
·
CVE-2022-50441
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.0.0-rc5 mlnx
Description
A flaw exists in the net/mlx5 component of the Linux kernel related to delayed bond work cancellation. A missing call to cancel delayed work could lead to the execution of code on an already destroyed work queue, resulting in a kernel NULL pointer dereference. This can cause a system crash, as indicated by a kernel panic with a bug message. The issue was addressed by restoring the call to
cancel delayed work sync() before destroying the workqueue.Recommendations
Update to a version of the Linux kernel newer than 6.0.0-rc5 mlnx.
Exploit
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Suse
Mlx5