github - ghsa-rrcr-75gv-j4qm

ghsa-rrcr-75gv-j4qm

Vulnerability from github

Published

2025-06-18 12:30

Modified

2025-06-18 12:30

Details

In the Linux kernel, the following vulnerability has been resolved:

HID: nintendo: fix rumble worker null pointer deref

We can dereference a null pointer trying to queue work to a destroyed workqueue.

If the device is disconnected, nintendo_hid_remove is called, in which the rumble_queue is destroyed. Avoid using that queue to defer rumble work once the controller state is set to JOYCON_CTLR_STATE_REMOVED.

This eliminates the null pointer dereference.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-49974"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:24Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nintendo: fix rumble worker null pointer deref\n\nWe can dereference a null pointer trying to queue work to a destroyed\nworkqueue.\n\nIf the device is disconnected, nintendo_hid_remove is called, in which\nthe rumble_queue is destroyed. Avoid using that queue to defer rumble\nwork once the controller state is set to JOYCON_CTLR_STATE_REMOVED.\n\nThis eliminates the null pointer dereference.",
  "id": "GHSA-rrcr-75gv-j4qm",
  "modified": "2025-06-18T12:30:39Z",
  "published": "2025-06-18T12:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49974"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1ff89e06c2e5fab30274e4b02360d4241d6e605e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c6e6c334154be16740b44dcd7638fb510b9bd91"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2022-49974 (GCVE-0-2022-49974)

Vulnerability from cvelistv5

Published

2025-06-18 11:00

Modified

2025-06-19 13:10

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: fix rumble worker null pointer deref We can dereference a null pointer trying to queue work to a destroyed workqueue. If the device is disconnected, nintendo_hid_remove is called, in which the rumble_queue is destroyed. Avoid using that queue to defer rumble work once the controller state is set to JOYCON_CTLR_STATE_REMOVED. This eliminates the null pointer dereference.

References

►

URL

Tags

	https://git.kernel.org/stable/c/7c6e6c334154be16740b44dcd7638fb510b9bd91
	https://git.kernel.org/stable/c/1ff89e06c2e5fab30274e4b02360d4241d6e605e

Impacted products

Vendor

Product

Version

►

Version: 2af16c1f846bd60240745bbd3afa13d5f040c61a
Version: 2af16c1f846bd60240745bbd3afa13d5f040c61a

Version: 5.16

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-nintendo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7c6e6c334154be16740b44dcd7638fb510b9bd91",
              "status": "affected",
              "version": "2af16c1f846bd60240745bbd3afa13d5f040c61a",
              "versionType": "git"
            },
            {
              "lessThan": "1ff89e06c2e5fab30274e4b02360d4241d6e605e",
              "status": "affected",
              "version": "2af16c1f846bd60240745bbd3afa13d5f040c61a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-nintendo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.7",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nintendo: fix rumble worker null pointer deref\n\nWe can dereference a null pointer trying to queue work to a destroyed\nworkqueue.\n\nIf the device is disconnected, nintendo_hid_remove is called, in which\nthe rumble_queue is destroyed. Avoid using that queue to defer rumble\nwork once the controller state is set to JOYCON_CTLR_STATE_REMOVED.\n\nThis eliminates the null pointer dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T13:10:44.005Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7c6e6c334154be16740b44dcd7638fb510b9bd91"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ff89e06c2e5fab30274e4b02360d4241d6e605e"
        }
      ],
      "title": "HID: nintendo: fix rumble worker null pointer deref",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49974",
    "datePublished": "2025-06-18T11:00:37.224Z",
    "dateReserved": "2025-06-18T10:57:27.385Z",
    "dateUpdated": "2025-06-19T13:10:44.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.