CVE-2022-50064 – This CVE describes a use-after-free vulnerabili... (How to Fix)

Q: What is the severity of CVE-2022-50064?

CVE-2022-50064 has a CVSS score of 7.8 (HIGH). This CVE describes a use-after-free vulnerability in the Linux kernel's virtio-blk driver that occurs during system suspend/resume cycles. When a virtual machine with virtio-blk storage resumes from suspend, the kernel may crash due to accessing freed memory, potentially leading to denial of service. This affects Linux systems using virtio-blk drivers for virtualized storage.

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's virtio-blk driver that occurs during system suspend/resume cycles. When a virtual machine with virtio-blk storage resumes from suspend, the kernel may crash due to accessing freed memory, potentially leading to denial of service. This affects Linux systems using virtio-blk drivers for virtualized storage.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions not explicitly stated in CVE description, but patches exist for stable kernel branches.

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires virtio-blk driver usage in virtualized environments. Physical systems without virtio-blk are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic and system crash leading to complete denial of service, potentially causing data corruption or loss in virtualized environments.

🟠

Likely Case

System crash during resume from suspend, requiring reboot and causing temporary service disruption.

🟢

If Mitigated

No impact if patched or if suspend/resume functionality is disabled.

🌐 Internet-Facing: LOW - Requires local access to trigger suspend/resume cycles.

🏢 Internal Only: MEDIUM - Can be triggered by authorized users with suspend/resume privileges in virtualized environments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to trigger suspend/resume cycles, typically requiring local access and appropriate privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel branches via commits 2b54e14535bc34bf649372060d518ec9f2b893b3 and 8d12ec10292877751ee4463b11a63bd850bc09b5

Vendor Advisory: https://git.kernel.org/stable/c/2b54e14535bc34bf649372060d518ec9f2b893b3

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix. 2. Check with your distribution vendor for specific patched kernel versions. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable suspend/resume functionality

linux

Prevent system suspend/resume cycles that trigger the vulnerability

systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

Avoid virtio-blk usage

linux

Use alternative storage drivers in virtualized environments

🧯 If You Can't Patch

Disable system suspend functionality to prevent trigger conditions
Monitor for kernel panic logs and have recovery procedures ready

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if virtio-blk module is loaded: lsmod | grep virtio_blk

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or check with distribution vendor for patched kernel versions

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages during resume from suspend
Call traces mentioning virtqueue_add_split or virtblk_add_req in kernel logs

Network Indicators:

Sudden loss of connectivity from affected VM

SIEM Query:

source="kernel" AND ("virtqueue_add_split" OR "virtblk_add_req" OR "use-after-free")

📊 Metadata

CVE ID: CVE-2022-50064

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.02% exploit probability (4.9th percentile)

Published: June 18, 2025

Last Updated: November 13, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50064, you might also want to check these: