CVE-2022-50218: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50218 is a vulnerability discovered in the Linux kernel affecting the iio:light:isl29028 driver. The issue was identified in June 2025 and involves inconsistent usage of register functions in the isl29028_remove() function (NVD, Wiz).

The vulnerability stems from an inconsistency in the driver's registration function usage. The driver uses the non-managed form of the register function in isl29028_remove(), which creates a mismatch with the probe function. This inconsistency leads to incorrect release ordering, resulting in a general protection fault with a non-canonical address 0xdffffc0000000006 and a null-pointer dereference in the range [0x0000000000000030-0x0000000000000037] (NVD, Wiz).

When triggered, the vulnerability causes a kernel crash due to a general protection fault and KASAN (Kernel Address Sanitizer) detecting a null-pointer dereference. This can lead to system instability and potential denial of service conditions (Wiz).

The fix involves maintaining consistency in the registration function usage between probe and remove operations. To maintain proper release ordering that mirrors the probe sequence, the driver should use the non-managed form consistently in both operations. Several Linux distributions have released patches, including Ubuntu 20.04 LTS (version 5.15.0-1023.27~20.04.1) and 18.04 LTS (version 4.15.0-197.208) (Ubuntu).