What is CVE-2022-50556?

CVE-2022-50556 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 4.0 onward and patched in 5.10.173, 5.15.99, 6.1.16 and others. CVE-2022-50556 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50556?

CVE-2022-50556 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50556?

Yes, CVE-2022-50556 has been patched. Fixed versions include 5.10.173, 5.15.99, 6.1.16 and others. If you are running Linux kernel 4.0 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50556 actively exploited?

CVE-2022-50556 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50556

In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref due to drmm_mode_config_init() drmm_mode_config_init() will call drm_mode_create_standard_properties() and won't check the ret value. When drm_mode_create_standard_properties() failed due to alloc, property will be a NULL pointer and may causes the null-ptr-deref. Fix the null-ptr-deref by adding the ret value check. Found null-ptr-deref while testing insert module bochs: general protection fault, probably for non-canonical address 0xdffffc000000000c: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067] CPU: 3 PID: 249 Comm: modprobe Not tainted 6.1.0-rc1+ #364 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:drm_object_attach_property+0x73/0x3c0 [drm] Call Trace: <TASK> __drm_connector_init+0xb6c/0x1100 [drm] bochs_pci_probe.cold.11+0x4cb/0x7fe [bochs] pci_device_probe+0x17d/0x340 really_probe+0x1db/0x5d0 __driver_probe_device+0x1e7/0x250 driver_probe_device+0x4a/0x120 __driver_attach+0xcd/0x2c0 bus_for_each_dev+0x11a/0x1b0 bus_add_driver+0x3d7/0x500 driver_register+0x18e/0x320 do_one_initcall+0xc4/0x3e0 do_init_module+0x1b4/0x630 load_module+0x5dca/0x7230 __do_sys_finit_module+0x100/0x170 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7ff65af9f839

Package Linux Kernel

Published 2025-10-22

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 4.0 and later are affected. Fixed in 5.10.173, 5.15.99, 6.1.16, 6.2.3, 6.3 and their respective stable series.

Affected from

≥ 4.0

Fixed in

✓ 5.10.173 5.10.x ✓ 5.15.99 5.15.x ✓ 6.1.16 6.1.x ✓ 6.2.3 6.2.x ✓ 6.3

References

The following references provide additional information about CVE-2022-50556 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/5ae70041a6d7de62a0cdb2bbcfe0c9cf753035d0
Patch
Kernel patch commit
https://git.kernel.org/stable/c/834c23e4f798dcdc8af251b3c428ceef94741991
Patch
Kernel patch commit
https://git.kernel.org/stable/c/961620ad67611a7320a49f4b6f3c5e2906833a03
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2022-50556?

CVE-2022-50556 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.0 onward and has been patched in 5.10.173, 5.15.99, 6.1.16 and others. CVE-2022-50556 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50556?

Yes — CVE-2022-50556 has been patched. Fixed versions include 5.10.173, 5.15.99, 6.1.16 and others. If you are running Linux kernel 4.0 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50556 actively exploited?

No — CVE-2022-50556 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.