What is CVE-2022-50164?

CVE-2022-50164 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10, affecting Linux kernel versions from 5.1 onward and patched in 5.4.211, 5.10.137, 5.15.61 and others. CVE-2022-50164 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50164?

CVE-2022-50164 has a CVSS score of 7.8 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Is there a patch available for CVE-2022-50164?

Yes, CVE-2022-50164 has been patched. Fixed versions include 5.4.211, 5.10.137, 5.15.61 and others. If you are running Linux kernel 5.1 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50164 actively exploited?

CVE-2022-50164 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50164

High

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue After successfull station association, if station queues are disabled for some reason, the related lists are not emptied. So if some new element is added to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old one and produce a BUG like this: [ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388). [ 46.535283] ------------[ cut here ]------------ [ 46.535284] kernel BUG at lib/list_debug.c:26! [ 46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1 [ 46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN , BIOS A07 08/24/2012 [ 46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f [ 46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1 [ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286 [ 46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000 [ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff [ 46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666 [ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388 [ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0 [ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000 [ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0 [ 46.687422] Call Trace: [ 46.689906] <TASK> [ 46.691950] iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm] [ 46.697601] ieee80211_queue_skb+0x4b3/0x720 [mac80211] [ 46.702973] ? sta_info_get+0x46/0x60 [mac80211] [ 46.707703] ieee80211_tx+0xad/0x110 [mac80211] [ 46.712355] __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211] ... In order to avoid this problem, we must also remove the related lists when station queues are disabled.

Package Linux Kernel

Published 2025-06-18

Last modified 2025-11-18

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

7.8

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-415

CVE-2022-50164 is classified as CWE-415

See CWE-415 on MITRE CWE for full details on this weakness type.

Affected versions

Linux kernel versions 5.1 and later are affected. Fixed in 5.4.211, 5.10.137, 5.15.61, 5.18.18, 5.19.2, 6.0 and their respective stable series.

Affected from

≥ 5.1

Fixed in

✓ 5.4.211 5.4.x ✓ 5.10.137 5.10.x ✓ 5.15.61 5.15.x ✓ 5.18.18 5.18.x ✓ 5.19.2 5.19.x ✓ 6.0

References

The following references provide additional information about CVE-2022-50164 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/14a3aacf517a9de725dd3219dbbcf741e31763c4
Patch
Kernel patch commit
https://git.kernel.org/stable/c/182d3c1385f44ba7c508bf5b1292a7fe96ad4e9e
Patch
Kernel patch commit
https://git.kernel.org/stable/c/38d71acc15a2e72806b516380af0adb3830d4639
Patch

6 patch commits total View all on NVD

Details

CVE ID CVE-2022-50164

Severity High

CVSS score 7.8 / 10

CVSS version 3.1

Published 2025-06-18

Modified 2025-11-18

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2022-50164?

CVE-2022-50164 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 . It affects Linux kernel versions from 5.1 onward and has been patched in 5.4.211, 5.10.137, 5.15.61 and others. CVE-2022-50164 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2022-50164?

CVE-2022-50164 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Is there a patch available for CVE-2022-50164?

Yes — CVE-2022-50164 has been patched. Fixed versions include 5.4.211, 5.10.137, 5.15.61 and others. If you are running Linux kernel 5.1 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50164 actively exploited?

No — CVE-2022-50164 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.