CVE-2022-50282: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50282 is a vulnerability discovered in the Linux kernel related to error handling in the cdev_device_add() function. The vulnerability was disclosed and documented on September 15, 2025. The issue affects the character device subsystem in the Linux kernel, specifically when handling device addition errors (NVD).

The vulnerability manifests when a fault injection test reveals an uninitialized kobject being passed to kobject_put(). The issue occurs specifically in the error handling path of cdev_device_add() where, if dev->devt is not set and device_add() returns an error, cdev_add() is not called, making cdev_del() unnecessary. This was discovered during testing with QEMU Standard PC hardware emulation running Linux kernel version 6.1.0-rc2 (NVD).

The vulnerability could potentially lead to system instability or crashes due to improper error handling in the kernel's character device subsystem. When triggered, it results in a kernel warning about an uninitialized kobject being freed, which could affect system reliability (NVD).

The issue has been resolved by implementing a fix that checks dev->devt in the error path before performing cleanup operations. This ensures proper handling of device addition errors and prevents the uninitialized kobject issue (NVD).