CVE-2022-50181

low-risk

Published 2025-06-18

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset() and it will lead to a NULL dereference by a lately use of it (i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check. [ kraxel: minor codestyle fixup ]

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (5)

Patch https://git.kernel.org/stable/c/259773fc874258606c0121767a4a27466ff337eb

Patch https://git.kernel.org/stable/c/367882a5a9448b5e1ba756125308092d614cb96c

Patch https://git.kernel.org/stable/c/39caef09666c1d8274abf9472c72bcac236dc5fb

Patch https://git.kernel.org/stable/c/adbdd21983fa292e53aec3eab97306b2961ea887

Patch https://git.kernel.org/stable/c/bd63f11f4c3c46afec07d821f74736161ff6e526

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal