{"id":"CVE-2022-50452","summary":"net: sched: cake: fix null pointer access issue when cake_init() fails","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cake: fix null pointer access issue when cake_init() fails\n\nWhen the default qdisc is cake, if the qdisc of dev_queue fails to be\ninited during mqprio_init(), cake_reset() is invoked to clear\nresources. In this case, the tins is NULL, and it will cause gpf issue.\n\nThe process is as follows:\nqdisc_create_dflt()\n\tcake_init()\n\t\tq-\u003etins = kvcalloc(...)        ---\u003efailed, q-\u003etins is NULL\n\t...\n\tqdisc_put()\n\t\t...\n\t\tcake_reset()\n\t\t\t...\n\t\t\tcake_dequeue_one()\n\t\t\t\tb = &q-\u003etins[...]   ---\u003eq-\u003etins is NULL\n\nThe following is the Call Trace information:\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nRIP: 0010:cake_dequeue_one+0xc9/0x3c0\nCall Trace:\n\u003cTASK\u003e\ncake_reset+0xb1/0x140\nqdisc_reset+0xed/0x6f0\nqdisc_destroy+0x82/0x4c0\nqdisc_put+0x9e/0xb0\nqdisc_create_dflt+0x2c3/0x4a0\nmqprio_init+0xa71/0x1760\nqdisc_create+0x3eb/0x1000\ntc_modify_qdisc+0x408/0x1720\nrtnetlink_rcv_msg+0x38e/0xac0\nnetlink_rcv_skb+0x12d/0x3a0\nnetlink_unicast+0x4a2/0x740\nnetlink_sendmsg+0x826/0xcc0\nsock_sendmsg+0xc5/0x100\n____sys_sendmsg+0x583/0x690\n___sys_sendmsg+0xe8/0x160\n__sys_sendmsg+0xbf/0x160\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f89e5122d04\n\u003c/TASK\u003e","modified":"2026-05-18T05:56:22.816699563Z","published":"2025-10-01T11:45:25.394Z","related":["SUSE-SU-2025:03615-1","SUSE-SU-2025:3761-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50452.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/154f4c06d9dbec1a14e91286c70b6305810302e0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1dc0a019550fd38ec6cab2d73c90df2bd659c96b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/51f9a8921ceacd7bf0d3f47fa867a64988ba1dcb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/86aa1390898146f1de277bb6d2a8ed7fc7a43f12"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ae48bee2830bf216800e1447baca39541e27a12e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bc8301ea7e7f1bb9d2ba2fcdf7b5ec2f0792b47e"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50452.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50452"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"046f6fd5daefac7f5abdafb436b30f63bc7c602b"},{"fixed":"86aa1390898146f1de277bb6d2a8ed7fc7a43f12"},{"fixed":"bc8301ea7e7f1bb9d2ba2fcdf7b5ec2f0792b47e"},{"fixed":"ae48bee2830bf216800e1447baca39541e27a12e"},{"fixed":"154f4c06d9dbec1a14e91286c70b6305810302e0"},{"fixed":"1dc0a019550fd38ec6cab2d73c90df2bd659c96b"},{"fixed":"51f9a8921ceacd7bf0d3f47fa867a64988ba1dcb"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50452.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.19.0"},{"fixed":"4.19.264"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.221"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.152"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.76"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.0.6"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50452.json"}}],"schema_version":"1.7.5"}