CVE-2022-50875

N/A Unknown

📋 TL;DR

A null pointer dereference vulnerability in the Linux kernel's overlay filesystem code could cause kernel crashes or potential privilege escalation. This affects Linux systems using the overlay filesystem feature, particularly container environments like Docker that rely on overlayfs.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with overlay filesystem support before fixes were applied (specific commit ranges in references)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when overlay filesystem (overlayfs) is in use, common in container environments like Docker.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash, or potential privilege escalation if an attacker can control memory allocation failure conditions.

🟠 Likely Case: System crash or denial of service when overlay filesystem operations fail due to memory allocation issues.

🟢 If Mitigated: Minimal impact if systems have proper memory limits and don't use overlay filesystems extensively.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger specific overlay filesystem operations.
🏢 Internal Only: MEDIUM - Containerized environments using overlayfs could be affected by crashes or privilege escalation attempts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires ability to trigger memory allocation failures in specific kernel functions, making reliable exploitation difficult.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 2b4af99b4486, 71d88c7453ec, 9ec5781879b4, ab5bb7bbacf5, or ce1b3a41e796

Vendor Advisory: https://git.kernel.org/stable/c/2b4af99b44861646013821019dd13a4ac48c0219

Restart Required: Yes

Instructions:

  1. Update Linux kernel to patched version from your distribution.
  2. Reboot system to load new kernel.
  3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Disable overlay filesystem (linux)

Prevent use of overlayfs if not required:

modprobe -r overlay
echo 'blacklist overlay' >> /etc/modprobe.d/blacklist.conf

Limit container overlay usage (linux)

Configure Docker/containerd to use alternative storage drivers:

dockerd --storage-driver=devicemapper
dockerd --storage-driver=aufs

🧯 If You Can't Patch

  • Avoid using overlay filesystem where possible
  • Implement strict memory limits to reduce chance of allocation failures

🔍 How to Verify

Check if Vulnerable:

Check if overlay module is loaded and kernel version is unpatched:

lsmod | grep overlay && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or is newer than patched releases
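
An added example, not part of the original page: `lsmod` lists only loadable modules, so the check above reports nothing on kernels where overlayfs is built in. This script reads `/proc/filesystems` and `/proc/mounts` instead; the function names and the three status words are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: overlayfs exposure check for triaging hosts.
# File paths are parameters so the functions also work on saved copies
# of /proc files collected from other machines.

# overlay_supported FILE: succeeds if FILE (format of /proc/filesystems)
# lists overlay. This also catches overlayfs compiled into the kernel.
overlay_supported() {
    [ -r "$1" ] && awk '$NF == "overlay" { found = 1 } END { exit !found }' "$1"
}

# overlay_mounts FILE: prints the mount point of every overlay mount in FILE
# (format of /proc/mounts: device mountpoint fstype options dump pass).
overlay_mounts() {
    [ -r "$1" ] || return 0
    awk '$3 == "overlay" { print $2 }' "$1"
}

# overlay_exposure FILESYSTEMS MOUNTS: prints one of
#   in-use          overlay mounts are active (containers are the usual source)
#   available       driver is registered but nothing is mounted
#   not-registered  driver is not registered right now; a loadable overlay
#                   module on disk can still be loaded on first mount
overlay_exposure() {
    if [ -n "$(overlay_mounts "$2")" ]; then
        echo in-use
    elif overlay_supported "$1"; then
        echo available
    else
        echo not-registered
    fi
}

# Report for the running system.
echo "kernel:  $(uname -r)"
echo "overlay: $(overlay_exposure /proc/filesystems /proc/mounts)"
overlay_mounts /proc/mounts | sed 's/^/  mounted at /'
```

Hosts that report `in-use` are the ones to prioritise for the kernel update; the kernel release printed alongside still has to be compared against the distribution's advisory by hand.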

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference in kernel logs
  • overlayfs related crash dumps

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("NULL pointer" OR "kernel panic" OR "overlay")

🔗 References
