CVE-2022-50552

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's block multi-queue (blk-mq) subsystem allows local attackers to cause kernel panics or potentially execute arbitrary code. The race condition occurs during elevator scheduler switching when reinitializing hardware queues, leading to NULL pointer dereferences. This affects Linux systems using the blk-mq subsystem with NVMe or similar storage controllers.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but patches exist for stable kernel branches
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires blk-mq subsystem with storage controllers that trigger queue reinitialization (like NVMe resets).

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, with potential for privilege escalation to kernel-level code execution.

🟠

Likely Case

System crash and denial of service when storage controllers are reset or reconfigured.

🟢

If Mitigated

Minimal impact if systems are patched or don't use affected storage configurations.

🌐 Internet-Facing: LOW - Requires local access to trigger the race condition.
🏢 Internal Only: MEDIUM - Local attackers or misconfigured storage operations could trigger crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger storage controller resets or queue reinitialization to exploit the race condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees via git commits: 63a681bcc32a, 8237c01f1696, c478b3b2900f

Vendor Advisory: https://git.kernel.org/stable/c/63a681bcc32a43528ce0f690569f7f48e59c3963

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix.
2. Check with your distribution vendor for backported patches.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Avoid storage controller resets

Prevent operations that trigger NVMe controller resets or hardware queue reinitialization

🧯 If You Can't Patch

  • Restrict local access to prevent malicious users from triggering storage operations
  • Monitor for storage controller resets and investigate unusual activity

🔍 How to Verify

Check if Vulnerable:

Compare the running kernel version with the patched versions published by your distribution vendor, and check whether the system uses NVMe or similar storage through blk-mq.

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel includes the fix commits listed above or is newer than the patched versions, and check dmesg for the absence of the related panic messages.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning 'kyber_has_work', 'blk_mq_run_work_fn', or NULL pointer dereferences in storage context
  • NVMe controller reset logs followed by crashes

SIEM Query:

source="kernel" AND ("kyber_has_work" OR "blk_mq_run_work_fn" OR ("NULL pointer dereference" AND "nvme"))
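The log indicators above, checked against constructed sample kernel log lines, as an added example that is not part of this advisory; the function names, the dmesg line format and the sample lines are assumptions:

```shell
#!/bin/sh
# Added example, not part of the advisory: scan a dmesg/journal dump for the
# log indicators listed above. Function names and log lines are constructed.

# Constructed sample log resembling an NVMe reset followed by the crash path.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
[  120.001234] nvme nvme0: resetting controller
[  120.004567] nvme nvme0: 8/0/0 default/read/poll queues
[  120.100000] BUG: kernel NULL pointer dereference, address: 0000000000000018
[  120.100100] RIP: 0010:kyber_has_work+0x2a/0x60
[  120.100200]  blk_mq_run_work_fn+0x1c/0x40
EOF

# Constructed benign log: a reset that completed without a crash.
CLEAN_LOG=$(mktemp)
cat > "$CLEAN_LOG" <<'EOF'
[  300.000000] nvme nvme0: resetting controller
[  300.050000] nvme nvme0: 8/0/0 default/read/poll queues
EOF
trap 'rm -f "$SAMPLE_LOG" "$CLEAN_LOG"' EXIT

# Prints the number of lines naming the crash-path symbols from the advisory.
count_symbol_hits() {
    grep -c -E 'kyber_has_work|blk_mq_run_work_fn' "$1" || true
}

# Exit 0 when an nvme controller reset is later followed by a NULL pointer
# dereference report in the same log (the "reset then crash" pattern), else 1.
reset_then_null_deref() {
    awk '
        /nvme.*resetting controller/ { reset = 1 }
        reset && /NULL pointer dereference/ { found = 1; exit }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Stand-alone usage on the constructed sample.
printf 'symbol hits: %s\n' "$(count_symbol_hits "$SAMPLE_LOG")"
reset_then_null_deref "$SAMPLE_LOG" && echo 'reset followed by NULL deref: yes'
```

To run this against a real host, save `dmesg` or `journalctl -k` output to a file and pass that path to the two functions instead of the constructed samples.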
