CVE-2022-50446 – This CVE describes a memory leak vulnerability ... (How to Fix)

Q: What is the severity of CVE-2022-50446?

CVE-2022-50446 has a CVSS score of 5.5 (MEDIUM). This CVE describes a memory leak vulnerability in the Linux kernel's ARC architecture implementation. When processes terminate, memory allocated for page table entries (PTEs) isn't properly released, causing gradual memory exhaustion over time. All systems running Linux kernels with ARC CPUs from v5.15-rc1 onward are affected.

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's ARC architecture implementation. When processes terminate, memory allocated for page table entries (PTEs) isn't properly released, causing gradual memory exhaustion over time. All systems running Linux kernels with ARC CPUs from v5.15-rc1 onward are affected.

💻 Affected Systems

Products:

Linux kernel

Versions: v5.15-rc1 and later versions until patched

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with ARC (Argonaut RISC Core) CPUs. x86, ARM, and other architectures are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system memory exhaustion leading to denial of service, system crashes, and potential data loss as the kernel runs out of available memory.

🟠

Likely Case

Gradual performance degradation over time as available memory decreases, eventually causing application failures and system instability requiring reboots.

🟢

If Mitigated

Minimal impact if systems are regularly rebooted before memory exhaustion occurs, though this is not a sustainable solution.

🌐 Internet-Facing: LOW - This is a local memory management issue, not directly exploitable over the network.

🏢 Internal Only: MEDIUM - While not directly exploitable for privilege escalation, it can cause system instability affecting all services and users.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: LOW - The vulnerability is inherent in memory management and doesn't require complex exploitation techniques.

This is a reliability issue rather than a security vulnerability that enables arbitrary code execution or privilege escalation. Attackers cannot directly exploit this for unauthorized access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in kernel versions containing commits 14009ada5712649589ab4ad0441b811780ea8773, 4fd9df10cb7a9289fbd22d669f9f98164d95a1ce, or d83a69966e8b6ae9dd447f3ac704c0223bceb7f7

Vendor Advisory: https://git.kernel.org/stable/c/14009ada5712649589ab4ad0441b811780ea8773

Restart Required: Yes

Instructions:

1. Update to a patched Linux kernel version. 2. Check your distribution's security advisories for specific update instructions. 3. Reboot the system after kernel update.

🔧 Temporary Workarounds

Regular system reboots

linux

Reboot systems periodically to clear accumulated leaked memory

sudo reboot

Memory monitoring and alerting

linux

Implement monitoring to detect memory exhaustion and trigger alerts

# Monitor memory usage with tools like top, htop, or custom scripts

🧯 If You Can't Patch

Implement aggressive memory monitoring with automated alerts when memory usage exceeds thresholds
Schedule regular system reboots during maintenance windows to clear leaked memory

🔍 How to Verify

Check if Vulnerable:

Check kernel version and CPU architecture: uname -r and cat /proc/cpuinfo | grep -i arc

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is newer than v5.15-rc1 and check if the specific fix commits are included in your kernel build

📡 Detection & Monitoring

Log Indicators:

Kernel OOM (Out of Memory) killer messages in /var/log/kern.log or dmesg
Increasing memory usage over time without corresponding process growth

Network Indicators:

None - this is a local memory management issue

SIEM Query:

Search for 'Out of memory' or 'Killed process' events in kernel logs over extended periods

📊 Metadata

CVE ID: CVE-2022-50446

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-401

EPSS Score: 0.02% exploit probability (5.4th percentile)

Published: October 1, 2025

Last Updated: January 16, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50446, you might also want to check these: