CVE-2022-50266

5.5 MEDIUM

📋 TL;DR

A race condition in the Linux kernel's kprobes subsystem: kill_kprobe() fails to properly disarm enabled probes before marking them as gone. This could allow a local attacker to trigger a NULL pointer dereference, potentially causing a kernel panic or system crash. It affects Linux systems using kprobes for dynamic kernel instrumentation.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if kprobes functionality is enabled and accessible to users. Most distributions restrict kprobes to privileged users by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution or denial of service through kernel panic/crash, leading to system instability or complete unavailability.

🟠

Likely Case

Local denial of service through kernel panic or system crash when kprobes are manipulated under specific timing conditions.

🟢

If Mitigated

Minimal impact if kprobes are not used or access to kprobes is restricted to privileged users only.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users with sufficient privileges to use kprobes could cause system instability or crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to manipulate kprobes, plus precise timing to trigger the race condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 0c76ef3f26d5ef2ac2c21b47e7620cff35809fbb, c909985dd0c0f74b61e3f8f0e04bf8aa9c8b97c7, or f20a067f13106565816b4b6a6b665b2088a63824

Vendor Advisory: https://git.kernel.org/stable/c/0c76ef3f26d5ef2ac2c21b47e7620cff35809fbb

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Restrict kprobes access

all

Limit kprobes functionality to trusted privileged users only

echo 1 > /proc/sys/kernel/kptr_restrict
echo 1 > /proc/sys/kernel/perf_event_paranoid

🧯 If You Can't Patch

  • Restrict kprobes usage to essential privileged users only
  • Monitor system logs for kprobes-related errors or crashes

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with distribution's patched versions. Vulnerable if using kernel before fix commits.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference errors in dmesg
  • kprobes-related crash reports

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "kprobe" OR "kernel panic")
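
The query above matches any one of its three strings, so it also fires on panics unrelated to kprobes. A narrower check, as an added example that is not part of the original advisory: it counts only NULL-pointer oops reports whose body names a kprobes symbol. The function names, the substring match on `kprobe`, and the sample log lines are assumptions constructed for illustration, not a crash signature published for this CVE.

```shell
#!/bin/sh
# Count NULL-pointer oops reports whose body references a kprobes symbol.
# Input: kernel log text on stdin.
kprobe_oops_count() {
    awk '
        # An oops report starts here (older and newer message wording).
        /BUG: (unable to handle )?kernel NULL pointer dereference/ {
            # A previous report cut off without an end marker still counts.
            if (in_oops && has_kprobe) hits++
            in_oops = 1; has_kprobe = 0; next
        }
        # Inside a report, remember whether any line names a kprobes symbol.
        in_oops && /kprobe/ { has_kprobe = 1 }
        # End-of-report marker: count it only if a kprobes frame was seen.
        in_oops && /---\[ end trace/ {
            if (has_kprobe) hits++
            in_oops = 0
        }
        END {
            # The last report may be truncated by the crash itself.
            if (in_oops && has_kprobe) hits++
            print hits + 0
        }'
}

# Constructed sample input (not taken from a real system):
#   1st report has a kprobes frame, 2nd report does not, and one line
#   mentions kprobe outside any report and must be ignored.
sample_log() {
cat <<'EOF'
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  101.000002] Call Trace:
[  101.000003]  kprobe_ftrace_handler+0x10/0x100
[  101.000004] ---[ end trace 0000000000000000 ]---
[  205.000001] example: unrelated line mentioning kprobe outside any oops
[  310.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  310.000002] Call Trace:
[  310.000003]  example_driver_irq+0x20/0x80
[  310.000004] ---[ end trace 0000000000000000 ]---
EOF
}

sample_log | kprobe_oops_count
```

On a live host, pipe `dmesg` or `journalctl -k` output into `kprobe_oops_count` instead of the sample.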
