CVE-2022-50422

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's libsas subsystem allows local attackers to potentially crash the system or execute arbitrary code. This affects systems using Serial Attached SCSI (SAS) storage with the vulnerable kernel versions. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but patches available for multiple stable branches
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with SAS storage controllers using the libsas subsystem. Systems without SAS storage are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to kernel compromise, system crash, or arbitrary code execution with kernel privileges.

🟠 Likely Case

Kernel panic or system crash causing denial of service, potentially leading to data corruption in storage operations.

🟢 If Mitigated

Limited impact with proper access controls preventing local attacker access to vulnerable systems.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly reachable from internet.
🏢 Internal Only: MEDIUM - Local attackers or malicious insiders could exploit this to disrupt systems or escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and timing the race condition between timer deletion and task cleanup. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fix commits in multiple stable kernel branches: 117331a2a5227fb4369c2a1f321d3e3e2e2ef8fe, 2e12ce270f0d926085c1209cc90397e307deef97, 46ba53c30666717cb06c2b3c5d896301cd00d0c0, a9e5176ead6de64f572ad5c87a72825d9d3c82ae, e45a1516d2933703a4823d9db71e17c3abeba24f

Vendor Advisory: https://git.kernel.org/stable/c/117331a2a5227fb4369c2a1f321d3e3e2e2ef8fe

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Check kernel version matches patched commits.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable SAS storage if not needed

Remove or disable SAS storage controllers to eliminate attack surface

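# Check SAS modules
lsmod | grep sas
# Remove modules (fails while a SAS host driver still uses libsas)
rmmod libsas
# Blacklist modules (stops alias-based autoloading only, not loading as a dependency)
echo 'blacklist libsas' >> /etc/modprobe.d/blacklist.conf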

🧯 If You Can't Patch

  • Restrict local access to systems using SAS storage through strict user permissions and access controls
  • Implement kernel module signing and secure boot to prevent unauthorized kernel module loading

🔍 How to Verify

Check if Vulnerable:

Check whether SAS modules are loaded with 'lsmod | grep sas', then run 'uname -r' and compare the kernel version with the vulnerable versions.

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel includes the fix commits: 'cat /proc/version' should show the patched kernel version.
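
An added exposure check (not part of the original advisory or the kernel project): 'lsmod | grep sas' matches any module with "sas" in its name and shows nothing when libsas is compiled into the kernel, so this script classifies libsas as builtin, loaded or absent and lists the modules holding it. The function names and the sample lsmod text are constructed for illustration; the modules.builtin path is the standard location under /lib/modules.

```shell
#!/bin/sh
# Added example: libsas exposure check. Sample data below is constructed.

# Constructed lsmod output used for offline testing.
sample_lsmod() {
cat <<'EOF'
Module                  Size  Used by
pm80xx                319488  0
libsas                106496  1 pm80xx
scsi_transport_sas     49152  2 pm80xx,libsas
EOF
}

# Read lsmod-format text on stdin; print each module that holds libsas.
# lsmod columns: name, size, use count, comma-separated users.
libsas_users() {
    awk '$1 == "libsas" { print $4 }' | tr ',' '\n' | sed '/^$/d' | sort
}

# Read lsmod-format text on stdin; $1 is the path to modules.builtin.
# Prints builtin, loaded or absent.
libsas_state() {
    if grep -q '/libsas\.ko$' "$1" 2>/dev/null; then
        echo builtin        # compiled in: never appears in lsmod, cannot be rmmod'ed
    elif awk '$1 == "libsas" { found = 1 } END { exit !found }'; then
        echo loaded
    else
        echo absent
    fi
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    state=$(lsmod | libsas_state "/lib/modules/$(uname -r)/modules.builtin")
    echo "kernel $(uname -r): libsas is $state"
    if [ "$state" = loaded ]; then
        lsmod | libsas_users | sed 's/^/  held by: /'
    fi
fi
```

A result of builtin means the module-removal and blacklist workarounds do not apply and only a patched kernel removes the exposure.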

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • OOM killer messages related to SAS
  • System crash dumps

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "BUG") AND "sas"
