SB20250916175 - NULL pointer dereference in Linux kernel hugetlbfs
Published: September 16, 2025 Updated: September 22, 2025
Security Bulletin ID
SB20250916175
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2022-50334)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/26215b7ee923b9251f7bb12c4e5f09dc465d35f2
- https://git.kernel.org/stable/c/965e8f8ae0f642b5528f5a82b7bcaf15a659d5bd
- https://git.kernel.org/stable/c/9a8862820cbf1f18dca4f3b4c289d88561b3a384
- https://git.kernel.org/stable/c/dcd28191be9bbf307ba51a5b485773a55b0037c4
- https://git.kernel.org/stable/c/f2207145693ae5697a7b59e2add4b92f9e5b0e3c
- https://git.kernel.org/stable/c/fa71639873518e3587632ae58e25e4a96b57fa90
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.229