{
  "threat_severity" : "Moderate",
  "public_date" : "2025-06-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: usb: xhci_plat_remove: avoid NULL dereference",
    "id" : "2373682",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373682"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nusb: xhci_plat_remove: avoid NULL dereference\nSince commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a (\"usb: host:\nxhci-plat: omit shared hcd if either root hub has no ports\")\nxhci->shared_hcd can be NULL, which causes the following Oops\non reboot:\n[  710.124450] systemd-shutdown[1]: Rebooting.\n[  710.298861] xhci-hcd xhci-hcd.2.auto: remove, state 4\n[  710.304217] usb usb3: USB disconnect, device number 1\n[  710.317441] xhci-hcd xhci-hcd.2.auto: USB bus 3 deregistered\n[  710.323280] xhci-hcd xhci-hcd.2.auto: remove, state 1\n[  710.328401] usb usb2: USB disconnect, device number 1\n[  710.333515] usb 2-3: USB disconnect, device number 2\n[  710.467649] xhci-hcd xhci-hcd.2.auto: USB bus 2 deregistered\n[  710.475450] Unable to handle kernel NULL pointer dereference at virtual address 00000000000003b8\n[  710.484425] Mem abort info:\n[  710.487265]   ESR = 0x0000000096000004\n[  710.491060]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  710.496427]   SET = 0, FnV = 0\n[  710.499525]   EA = 0, S1PTW = 0\n[  710.502716]   FSC = 0x04: level 0 translation fault\n[  710.507648] Data abort info:\n[  710.510577]   ISV = 0, ISS = 0x00000004\n[  710.514462]   CM = 0, WnR = 0\n[  710.517480] user pgtable: 4k pages, 48-bit VAs, pgdp=00000008b0050000\n[  710.523976] [00000000000003b8] pgd=0000000000000000, p4d=0000000000000000\n[  710.530961] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[  710.536551] Modules linked in: rfkill input_leds snd_soc_simple_card snd_soc_simple_card_utils snd_soc_nau8822 designware_i2s snd_soc_core dw_hdmi_ahb_audio snd_pcm_dmaengine arm_ccn panfrost ac97_bus gpu_sched snd_pcm at24 fuse configfs sdhci_of_dwcmshc sdhci_pltfm sdhci nvme led_class mmc_core nvme_core bt1_pvt polynomial tp_serio snd_seq_midi snd_seq_midi_event snd_seq snd_timer snd_rawmidi snd_seq_device snd soundcore efivarfs ipv6\n[  710.575286] CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted 5.19.0-rc7-00043-gfd8619f4fd54 #1\n[  710.583822] Hardware name: T-Platforms TF307-MB/BM1BM1-A, BIOS 5.6 07/06/2022\n[  710.590972] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  710.597949] pc : usb_remove_hcd+0x34/0x1e4\n[  710.602067] lr : xhci_plat_remove+0x74/0x140\n[  710.606351] sp : ffff800009f3b7c0\n[  710.609674] x29: ffff800009f3b7c0 x28: ffff000800960040 x27: 0000000000000000\n[  710.616833] x26: ffff800008dc22a0 x25: 0000000000000000 x24: 0000000000000000\n[  710.623992] x23: 0000000000000000 x22: ffff000805465810 x21: ffff000805465800\n[  710.631149] x20: ffff000800f80000 x19: 0000000000000000 x18: ffffffffffffffff\n[  710.638307] x17: ffff000805096000 x16: ffff00080633b800 x15: ffff000806537a1c\n[  710.645465] x14: 0000000000000001 x13: 0000000000000000 x12: ffff00080378d6f0\n[  710.652621] x11: ffff00080041a900 x10: ffff800009b204e8 x9 : ffff8000088abaa4\n[  710.659779] x8 : ffff000800960040 x7 : ffff800009409000 x6 : 0000000000000001\n[  710.666936] x5 : ffff800009241000 x4 : ffff800009241440 x3 : 0000000000000000\n[  710.674094] x2 : ffff000800960040 x1 : ffff000800960040 x0 : 0000000000000000\n[  710.681251] Call trace:\n[  710.683704]  usb_remove_hcd+0x34/0x1e4\n[  710.687467]  xhci_plat_remove+0x74/0x140\n[  710.691400]  platform_remove+0x34/0x70\n[  710.695165]  device_remove+0x54/0x90\n[  710.698753]  device_release_driver_internal+0x200/0x270\n[  710.703992]  device_release_driver+0x24/0x30\n[  710.708273]  bus_remove_device+0xe0/0x16c\n[  710.712293]  device_del+0x178/0x390\n[  710.715797]  platform_device_del.part.0+0x24/0x90\n[  710.720514]  platform_device_unregister+0x30/0x50\n[  710.725232]  dwc3_host_exit+0x20/0x30\n[  710.728907]  dwc3_remove+0x174/0x1b0\n[  710.732494]  platform_remove+0x34/0x70\n[  710.736254]  device_remove+0x54/0x90\n[  710.739840]  device_release_driver_internal+0x200/0x270\n[  710.745078]  device_release_driver+0x24/0x30\n[  710.749359]  bus_remove_device+0xe0/0x16c\n[  710.753380]  device_del+0x178/0x390\n[  710.756881]  platform_device_del.part\n---truncated---" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:2951",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-477.10.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50133\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50133\nhttps://lore.kernel.org/linux-cve-announce/2025061815-CVE-2022-50133-6189@gregkh/T" ],
  "name" : "CVE-2022-50133",
  "csaw" : false
}