CVE-2022-50423 – This is a use-after-free vulnerability in the L... (How to Fix)

Q: What is the severity of CVE-2022-50423?

CVE-2022-50423 has a CVSS score of 7.8 (HIGH). This is a use-after-free vulnerability in the Linux kernel's ACPICA subsystem that allows local attackers to potentially execute arbitrary code or cause denial of service. It affects systems running vulnerable Linux kernel versions with ACPI functionality enabled. The vulnerability occurs when copying internal package objects fails, leading to memory being freed while still referenced.

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's ACPICA subsystem that allows local attackers to potentially execute arbitrary code or cause denial of service. It affects systems running vulnerable Linux kernel versions with ACPI functionality enabled. The vulnerability occurs when copying internal package objects fails, leading to memory being freed while still referenced.

💻 Affected Systems

Products:

Linux Kernel

Versions: Kernel versions containing commit 8aa5e56eeb61 up to fixes in stable releases

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires ACPI functionality enabled (common on most systems). Virtualization environments may be affected if using vulnerable kernels.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution, potentially leading to complete system compromise.

🟠

Likely Case

Kernel panic or system crash causing denial of service.

🟢

If Mitigated

Limited impact if proper kernel hardening and privilege separation are implemented.

🌐 Internet-Facing: LOW - Requires local access to exploit.

🏢 Internal Only: MEDIUM - Could be exploited by malicious local users or compromised accounts.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to load kernel modules or trigger ACPI operations. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable releases containing commits 01f2c2052ea5, 02617006b5a4, 02f237423c9c, 133462d35dae, or 470188b09e92

Vendor Advisory: https://git.kernel.org/stable/c/01f2c2052ea50fb9a8ce12e4e83aed0267934ef0

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Restrict kernel module loading

linux

Prevent unauthorized users from loading kernel modules that could trigger the vulnerability

echo 1 > /proc/sys/kernel/modules_disabled
sysctl -w kernel.modules_disabled=1

Disable ACPI if not needed

linux

Remove ACPI kernel parameter if system doesn't require it

Add 'acpi=off' to kernel boot parameters in GRUB configuration

🧯 If You Can't Patch

Implement strict access controls to limit local user privileges
Monitor for kernel panics or unusual system behavior indicating exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r and compare with affected versions. Check if commit 8aa5e56eeb61 is present in kernel source.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to include one of the fix commits. Check dmesg for any ACPI-related errors after patch.

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
ACPI error messages in dmesg
KASAN reports of use-after-free

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("KASAN" OR "use-after-free" OR "ACPI error")

📊 Metadata

CVE ID: CVE-2022-50423

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.02% exploit probability (5.3th percentile)

Published: October 1, 2025

Last Updated: January 14, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50423, you might also want to check these: