CVE-2022-50288

5.5 MEDIUM

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's qlcnic driver. When qlcnic_dcb_enable() fails under out-of-memory conditions, it silently frees adapter->dcb while callers continue to use the pointer, potentially leading to kernel crashes or privilege escalation. This affects systems using QLogic network adapters with the vulnerable driver.
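The failure pattern described above, modeled in user space as an added example (not the driver's code or the upstream patch): an enable step that frees the object on failure and returns nothing, beside a variant where the step reports the error and the caller frees and clears the pointer. All names are hypothetical, and a static object stands in for heap memory so the stale pointer can be observed safely.

```c
#include <errno.h>
#include <stddef.h>

/* User-space model; every name here is hypothetical, not driver code. */
struct dcb { int live; int params; };
struct adapter { struct dcb *dcb; };
static struct dcb slot;              /* one static object stands in for the heap */

static struct dcb *dcb_alloc(void) { slot.live = 1; slot.params = 0; return &slot; }
static void dcb_free(struct dcb *d) { d->live = 0; }   /* models kfree() */

/* Setup step that fails with -ENOMEM when memory pressure is simulated. */
static int dcb_attach(struct dcb *d, int oom)
{
    if (oom) return -ENOMEM;
    d->params = 1;
    return 0;
}

/* Pattern described above: free on failure, report nothing to the caller. */
static void dcb_enable_silent(struct dcb *d, int oom)
{
    if (dcb_attach(d, oom))
        dcb_free(d);
}

/* 1 if the adapter still points at a freed object (the UAF precondition). */
static int holds_stale_dcb(const struct adapter *a)
{
    return a->dcb != NULL && !a->dcb->live;
}

int probe_silent(struct adapter *a, int oom)
{
    a->dcb = dcb_alloc();
    dcb_enable_silent(a->dcb, oom);  /* failure is invisible here */
    return holds_stale_dcb(a);
}

/* Hardened: the step returns the error; the caller frees and clears together. */
int probe_checked(struct adapter *a, int oom)
{
    a->dcb = dcb_alloc();
    if (dcb_attach(a->dcb, oom)) { dcb_free(a->dcb); a->dcb = NULL; }
    return holds_stale_dcb(a);
}

int main(void) { struct adapter a = { NULL }; return !(probe_silent(&a, 1) && !probe_checked(&a, 1)); }
```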

💻 Affected Systems

Products:
  • Linux kernel with qlcnic driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using QLogic network adapters with the qlcnic driver loaded. The vulnerability triggers under out-of-memory conditions when qlcnic_dcb_enable() is called.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash, or potential privilege escalation to kernel mode allowing full system compromise.

🟠 Likely Case

System instability, kernel crashes, or denial of service when the driver encounters memory pressure conditions.

🟢 If Mitigated

Minor performance impact or driver failure without system compromise if proper error handling is in place.

🌐 Internet-Facing: LOW - This requires local access to trigger the vulnerability through driver operations.
🏢 Internal Only: MEDIUM - Malicious local users or processes could potentially exploit this to cause system instability or privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger the vulnerable code path under memory pressure conditions. No public exploits are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing the fix commits (e.g., 13a7c8964afcd8ca43c0b6001ebb0127baa95362 and related)

Vendor Advisory: https://git.kernel.org/stable/c/13a7c8964afcd8ca43c0b6001ebb0127baa95362

Restart Required: No

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager to update the kernel package.
3. Rebuild the kernel if using a custom kernel.
4. No reboot is required for live kernel updates, if supported.

🔧 Temporary Workarounds

Disable qlcnic driver

all

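Prevent loading of the vulnerable qlcnic driver if QLogic adapters are not needed. A blacklist entry only stops automatic loading by device alias, so the module can still be loaded explicitly, and unloading it takes down any network interface it drives.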

echo 'blacklist qlcnic' >> /etc/modprobe.d/blacklist.conf
rmmod qlcnic

Limit memory pressure

all

Configure system to reduce likelihood of out-of-memory conditions triggering the vulnerability

sysctl -w vm.overcommit_memory=2
sysctl -w vm.overcommit_ratio=80

🧯 If You Can't Patch

  • Restrict local user access to systems using QLogic adapters
  • Implement strict memory limits and monitoring to prevent OOM conditions

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if qlcnic module is loaded: uname -r && lsmod | grep qlcnic

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or check with distribution's security advisory

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crashes or panics
  • qlcnic driver error messages in dmesg

Network Indicators:

  • Unusual network adapter behavior if using QLogic hardware

SIEM Query:

source="kernel" AND ("qlcnic" OR "use-after-free" OR "kernel panic")
