What is CVE-2022-50363?

CVE-2022-50363 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, classified as a Use After Free flaw (CWE-416), affecting Linux kernel versions from 6.0 onward and patched in 6.0.6 and 6.1. CVE-2022-50363 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50363?

CVE-2022-50363 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2022-50363?

Yes, CVE-2022-50363 has been patched. Fixed versions include 6.0.6 and 6.1. If you are running Linux kernel 6.0 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50363 actively exploited?

CVE-2022-50363 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Use After Free (CWE-416)?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/416.html

CVE-2022-50363

Medium

In the Linux kernel, the following vulnerability has been resolved: skmsg: pass gfp argument to alloc_sk_msg() syzbot found that alloc_sk_msg() could be called from a non sleepable context. sk_psock_verdict_recv() uses rcu_read_lock() protection. We need the callers to pass a gfp_t argument to avoid issues. syzbot report was: BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3613, name: syz-executor414 preempt_count: 0, expected: 0 RCU nest depth: 1, expected: 0 INFO: lockdep is turned off. CPU: 0 PID: 3613 Comm: syz-executor414 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 __might_resched+0x538/0x6a0 kernel/sched/core.c:9877 might_alloc include/linux/sched/mm.h:274 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc_node mm/slub.c:3162 [inline] slab_alloc mm/slub.c:3256 [inline] kmem_cache_alloc_trace+0x59/0x310 mm/slub.c:3287 kmalloc include/linux/slab.h:600 [inline] kzalloc include/linux/slab.h:733 [inline] alloc_sk_msg net/core/skmsg.c:507 [inline] sk_psock_skb_ingress_self+0x5c/0x330 net/core/skmsg.c:600 sk_psock_verdict_apply+0x395/0x440 net/core/skmsg.c:1014 sk_psock_verdict_recv+0x34d/0x560 net/core/skmsg.c:1201 tcp_read_skb+0x4a1/0x790 net/ipv4/tcp.c:1770 tcp_rcv_established+0x129d/0x1a10 net/ipv4/tcp_input.c:5971 tcp_v4_do_rcv+0x479/0xac0 net/ipv4/tcp_ipv4.c:1681 sk_backlog_rcv include/net/sock.h:1109 [inline] __release_sock+0x1d8/0x4c0 net/core/sock.c:2906 release_sock+0x5d/0x1c0 net/core/sock.c:3462 tcp_sendmsg+0x36/0x40 net/ipv4/tcp.c:1483 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg net/socket.c:734 [inline] __sys_sendto+0x46d/0x5f0 net/socket.c:2117 __do_sys_sendto net/socket.c:2129 [inline] __se_sys_sendto net/socket.c:2125 [inline] __x64_sys_sendto+0xda/0xf0 net/socket.c:2125 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Package Linux Kernel

Published 2025-09-17

Last modified 2026-01-14

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-416

CVE-2022-50363 is a Use After Free vulnerability

What is Use After Free?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. Learn more on MITRE CWE

Affected versions

Linux kernel versions 6.0 and later are affected. Fixed in 6.0.6, 6.1 and their respective stable series.

Affected from

≥ 6.0

Fixed in

✓ 6.0.6 6.0.x ✓ 6.1

References

The following references provide additional information about CVE-2022-50363 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/2d1f274b95c6e4ba6a813b3b8e7a1a38d54a0a08
Patch
Kernel patch commit
https://git.kernel.org/stable/c/693ddd6ffc05b228ea1638f9d757c5d3541f9446
Patch

Details

CVE ID CVE-2022-50363

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2025-09-17

Modified 2026-01-14

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2022-50363?

CVE-2022-50363 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 , classified as an Use After Free flaw (CWE-416) . It affects Linux kernel versions from 6.0 onward and has been patched in 6.0.6 and 6.1. CVE-2022-50363 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2022-50363?

CVE-2022-50363 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2022-50363?

Yes — CVE-2022-50363 has been patched. Fixed versions include 6.0.6 and 6.1. If you are running Linux kernel 6.0 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50363 actively exploited?

No — CVE-2022-50363 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Use After Free (CWE-416)?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. View CWE-416 on MITRE CWE →