ghsa-w4hx-49mv-6qvv
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode
Commit faa87ce9196d ("regmap-irq: Introduce config registers for irq types") added the num_config_regs, then commit 9edd4f5aee84 ("regmap-irq: Deprecate type registers and virtual registers") suggested to replace num_type_reg with it. However, regmap_add_irq_chip_fwnode wasn't modified to use the new property. Later on, commit 255a03bb1bb3 ("ASoC: wcd9335: Convert irq chip to config regs") removed the old num_type_reg property from the WCD9335 driver's struct regmap_irq_chip, causing a null pointer dereference in regmap_irq_set_type when it tried to index d->type_buf as it was never allocated in regmap_add_irq_chip_fwnode:
[ 39.199374] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 39.200006] Call trace: [ 39.200014] regmap_irq_set_type+0x84/0x1c0 [ 39.200026] __irq_set_trigger+0x60/0x1c0 [ 39.200040] __setup_irq+0x2f4/0x78c [ 39.200051] request_threaded_irq+0xe8/0x1a0
Use num_config_regs in regmap_add_irq_chip_fwnode instead of num_type_reg, and fall back to it if num_config_regs isn't defined to maintain backward compatibility.
{
"affected": [],
"aliases": [
"CVE-2022-50558"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-22T14:15:40Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode\n\nCommit faa87ce9196d (\"regmap-irq: Introduce config registers for irq\ntypes\") added the num_config_regs, then commit 9edd4f5aee84 (\"regmap-irq:\nDeprecate type registers and virtual registers\") suggested to replace\nnum_type_reg with it. However, regmap_add_irq_chip_fwnode wasn\u0027t modified\nto use the new property. Later on, commit 255a03bb1bb3 (\"ASoC: wcd9335:\nConvert irq chip to config regs\") removed the old num_type_reg property\nfrom the WCD9335 driver\u0027s struct regmap_irq_chip, causing a null pointer\ndereference in regmap_irq_set_type when it tried to index d-\u003etype_buf as\nit was never allocated in regmap_add_irq_chip_fwnode:\n\n[ 39.199374] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n\n[ 39.200006] Call trace:\n[ 39.200014] regmap_irq_set_type+0x84/0x1c0\n[ 39.200026] __irq_set_trigger+0x60/0x1c0\n[ 39.200040] __setup_irq+0x2f4/0x78c\n[ 39.200051] request_threaded_irq+0xe8/0x1a0\n\nUse num_config_regs in regmap_add_irq_chip_fwnode instead of num_type_reg,\nand fall back to it if num_config_regs isn\u0027t defined to maintain backward\ncompatibility.",
"id": "GHSA-w4hx-49mv-6qvv",
"modified": "2025-10-22T15:31:09Z",
"published": "2025-10-22T15:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50558"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/57bb34330c0fc70bb4ab96399a3c1b80e73e9d49"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/84498d1fb35de6ab71bdfdb6270a464fb4a0951b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/961db32e52f4d34a9a95939a30393fd190397f84"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.