Detections
Analytics

CVE-2022-50722

medium

Description

In the Linux kernel, the following vulnerability has been resolved: media: ipu3-imgu: Fix NULL pointer dereference in active selection access What the IMGU driver did was that it first acquired the pointers to active and try V4L2 subdev state, and only then figured out which one to use. The problem with that approach and a later patch (see Fixes: tag) is that as sd_state argument to v4l2_subdev_get_try_crop() et al is NULL, there is now an attempt to dereference that. Fix this. Also rewrap lines a little.

References

https://git.kernel.org/stable/c/b9eb3ab6f30bf32f7326909f17949ccb11bab514

https://git.kernel.org/stable/c/740717b756c17190dc2d2ad4c6de1e63f214e0c9

https://git.kernel.org/stable/c/5265cc1202a31f7097691c3483a0d60d624424a5

Details

Source: Mitre, NVD

Published: 2025-12-24

Updated: 2025-12-24

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00017