CVE-2022-50189 – This CVE describes a file pointer leak vulnerab... (How to Fix)

Q: What is the severity of CVE-2022-50189?

CVE-2022-50189 has a CVSS score of 7.1 (HIGH). This CVE describes a file pointer leak vulnerability in the Linux kernel's turbostat tool. If fscanf fails during execution, the tool doesn't properly close the file pointer, potentially leading to resource exhaustion. This affects systems running vulnerable Linux kernel versions with turbostat installed and executed.

📋 TL;DR

This CVE describes a file pointer leak vulnerability in the Linux kernel's turbostat tool. If fscanf fails during execution, the tool doesn't properly close the file pointer, potentially leading to resource exhaustion. This affects systems running vulnerable Linux kernel versions with turbostat installed and executed.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific vulnerable kernel versions with the turbostat tool (check git commits for exact ranges)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when turbostat tool is installed and executed. Many distributions don't install turbostat by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could repeatedly trigger the file pointer leak to exhaust system file descriptors, causing denial of service and potentially crashing the system or preventing legitimate processes from opening files.

🟠

Likely Case

Local users could cause turbostat to leak file descriptors when processing malformed input, leading to resource exhaustion that affects system stability and performance.

🟢

If Mitigated

With proper privilege separation and limited turbostat usage, impact is minimal as it requires local access and specific conditions to trigger.

🌐 Internet-Facing: LOW - turbostat is a local diagnostic tool not typically exposed to network interfaces.

🏢 Internal Only: MEDIUM - Local users with turbostat access could potentially exploit this to cause resource exhaustion on affected systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to execute turbostat with specific conditions to trigger the fscanf failure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 2ebf6f5946817f33fb33e613e359229e98164eb3 or 5e5fd36c58d6c820f7292ee492c3731c9a104a41

Vendor Advisory: https://git.kernel.org/stable/c/2ebf6f5946817f33fb33e613e359229e98164eb3

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify turbostat is updated if distributed separately.

🔧 Temporary Workarounds

Remove turbostat tool

linux

Uninstall or remove turbostat binary to eliminate attack surface

sudo apt remove linux-tools-common
sudo yum remove kernel-tools
sudo rm /usr/bin/turbostat

Restrict turbostat execution

linux

Limit who can execute turbostat using file permissions or sudoers

sudo chmod 750 /usr/bin/turbostat
sudo chown root:trustedgroup /usr/bin/turbostat

🧯 If You Can't Patch

Remove turbostat tool from production systems
Implement strict access controls to prevent unauthorized users from executing turbostat

🔍 How to Verify

Check if Vulnerable:

Check if turbostat exists and kernel version is vulnerable: ls -la /usr/bin/turbostat && uname -r

Check Version:

uname -r

Verify Fix Applied:

Check kernel version after update and verify turbostat binary date/size changed

📡 Detection & Monitoring

Log Indicators:

Multiple file descriptor allocation failures in system logs
turbostat process crashes or abnormal exits

Network Indicators:

None - local tool only

SIEM Query:

process.name:turbostat AND (event.action:failed OR resource.type:file_descriptor)

📊 Metadata

CVE ID: CVE-2022-50189

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-772

EPSS Score: 0.02% exploit probability (4.9th percentile)

Published: June 18, 2025

Last Updated: January 23, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50189, you might also want to check these: