{"id":"CVE-2022-49806","summary":"net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()\n\nsparx_stats_init() calls create_singlethread_workqueue() and not\nchecked the ret value, which may return NULL. And a null-ptr-deref may\nhappen:\n\nsparx_stats_init()\n    create_singlethread_workqueue() # failed, sparx5-\u003estats_queue is NULL\n    queue_delayed_work()\n        queue_delayed_work_on()\n            __queue_delayed_work()  # warning here, but continue\n                __queue_work()      # access wq-\u003eflags, null-ptr-deref\n\nCheck the ret value and return -ENOMEM if it is NULL. So as\nsparx5_start().","modified":"2026-05-28T03:53:25.952594458Z","published":"2025-05-01T14:09:32.854Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49806.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/456327e565dc49d18b2f595f39f47df8a36f1057"},{"type":"WEB","url":"https://git.kernel.org/stable/c/639f5d006e36bb303f525d9479448c412b720c39"},{"type":"WEB","url":"https://git.kernel.org/stable/c/80e590aeb132887102c3fa79d99b338f099dc952"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49806.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49806"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b37a1bae742f92cc9b1f777d54e04ee3d86bbfc2"},{"fixed":"80e590aeb132887102c3fa79d99b338f099dc952"},{"fixed":"456327e565dc49d18b2f595f39f47df8a36f1057"},{"fixed":"639f5d006e36bb303f525d9479448c412b720c39"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49806.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.14.0"},{"fixed":"5.15.80"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.0.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49806.json"}}],"schema_version":"1.7.5"}