CVE-2022-50092 – A use-after-free vulnerability in the Linux ker... (How to Fix)

Q: What is the severity of CVE-2022-50092?

CVE-2022-50092 has a CVSS score of 5.5 (MEDIUM). A use-after-free vulnerability in the Linux kernel's device-mapper thin provisioning subsystem allows local attackers to crash the system or potentially execute arbitrary code. This affects systems using dm-thin with metadata device failures. Only users with local access to create or modify device-mapper configurations are affected.

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's device-mapper thin provisioning subsystem allows local attackers to crash the system or potentially execute arbitrary code. This affects systems using dm-thin with metadata device failures. Only users with local access to create or modify device-mapper configurations are affected.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when using device-mapper thin provisioning (dm-thin) with metadata device failures.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution.

🟠

Likely Case

System crash or denial of service when metadata device fails and thin-pool is reloaded.

🟢

If Mitigated

System remains stable with proper error handling preventing the use-after-free.

🌐 Internet-Facing: LOW - Requires local access and specific device-mapper operations.

🏢 Internal Only: MEDIUM - Local users with device-mapper privileges could cause system instability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Reproduction steps are documented in the CVE description. Requires local access and ability to trigger metadata device failures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 05cef0999b3208b5a6ede1bfac855139e4de55ef, 1a199fa9217d28511ff88529238fd9980ea64cf3, 3534e5a5ed2997ca1b00f44a0378a075bd05e8a3, 5e2cf705155a1514be3c96ea664a9cd356998ee7, e4dbe24f4bfd8377e7ba79fdcdb7c4d6eb1c6790

Vendor Advisory: https://git.kernel.org/stable/c/05cef0999b3208b5a6ede1bfac855139e4de55ef

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Avoid thin-pool reloads after metadata failures

linux

Prevent reloading device-mapper tables for thin-pools that have experienced metadata device failures.

# Monitor for metadata device failures and avoid dmsetup reload operations on affected pools

🧯 If You Can't Patch

Restrict local user access to device-mapper operations (dmsetup)
Monitor for metadata device failures and avoid thin-pool operations during failures

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if using dm-thin with metadata devices. Vulnerable if kernel is unpatched and dm-thin is in use.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or is from a distribution that has backported the patches.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
KASAN use-after-free reports
dm-thin error messages about metadata failures

Network Indicators:

None - local vulnerability only

SIEM Query:

Search for: 'KASAN: use-after-free', 'dm_pool_register_metadata_threshold', or kernel panic events

📊 Metadata

CVE ID: CVE-2022-50092

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-416

EPSS Score: 0.02% exploit probability (3.5th percentile)

Published: June 18, 2025

Last Updated: November 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50092, you might also want to check these: