CVE-2022-50558: regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode
In the Linux kernel, the following vulnerability has been resolved:
regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode
Commit faa87ce9196d ("regmap-irq: Introduce config registers for irq
types") added the num_config_regs, then commit 9edd4f5aee84 ("regmap-irq:
Deprecate type registers and virtual registers") suggested to replace
num_type_reg with it. However, regmap_add_irq_chip_fwnode wasn't modified
to use the new property. Later on, commit 255a03bb1bb3 ("ASoC: wcd9335:
Convert irq chip to config regs") removed the old num_type_reg property
from the WCD9335 driver's struct regmap_irq_chip, causing a null pointer
dereference in regmap_irq_set_type when it tried to index d->type_buf as
it was never allocated in regmap_add_irq_chip_fwnode:
[ 39.199374] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 39.200006] Call trace:
[ 39.200014] regmap_irq_set_type+0x84/0x1c0
[ 39.200026] __irq_set_trigger+0x60/0x1c0
[ 39.200040] __setup_irq+0x2f4/0x78c
[ 39.200051] request_threaded_irq+0xe8/0x1a0
Use num_config_regs in regmap_add_irq_chip_fwnode instead of num_type_reg,
and fall back to it if num_config_regs isn't defined to maintain backward
compatibility.
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue can crash affected systems when a specific interrupt configuration path is used. It stems from an internal kernel data structure not being allocated after related code changes. The public record does not show active exploitation or a CVSS score.
Executive priority
Treat as a targeted stability risk, not currently an internet-scale emergency. Prioritize patching affected Linux devices where kernel crashes would disrupt operations, especially embedded or hardware-specific deployments using the impacted driver paths.
Technical view
regmap_add_irq_chip_fwnode did not switch from num_type_reg to num_config_regs after regmap IRQ changes. When the WCD9335 driver removed num_type_reg, regmap_irq_set_type could dereference a null type_buf during IRQ trigger setup. The fix uses num_config_regs and falls back to num_type_reg for compatibility.
Likely exposure
Exposure appears limited to Linux kernels in the affected range noted by the CVE record, especially systems using the regmap IRQ fwnode path and affected driver configuration. The source lists Linux 6.0, 6.0.16, 6.1.2, and 6.2, but version range details are incomplete.
Exploitation context
The provided sources describe a kernel null pointer dereference during IRQ setup, not a remote attack path. KEV is false, and no cited source reports active exploitation. Practical impact is most likely denial of service or device instability on affected hardware/software combinations.
Researcher notes
The record lacks CVSS, CWE, and detailed affected range semantics. Analysis should focus on commit lineage and downstream backports. The key fix is allocation logic in regmap_add_irq_chip_fwnode using num_config_regs with backward-compatible fallback.
Mitigation direction
Update to a kernel containing the referenced stable fixes.
Use distribution or device-vendor kernel advisories for packaged update guidance.
Prioritize systems using affected regmap IRQ or WCD9335-related configurations.
Test kernel updates on representative hardware before broad deployment.
Validation and detection
Inventory Linux kernel versions against the CVE affected-version data.
Check vendor changelogs for the referenced stable commit IDs.
Confirm whether regmap IRQ fwnode and WCD9335 paths are enabled.
Review kernel logs for the documented null dereference call trace.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-50558 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
4Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Oct 22, 2025, 13:23 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.