CVE-2022-50569

In the Linux kernel, the following vulnerability has been resolved:

xfrm: Update ipcomp_scratches with NULL when freed

Currently if ipcomp_alloc_scratches() fails to allocate memory, ipcomp_scratches holds an obsolete address. So when we try to free the percpu scratches using ipcomp_free_scratches(), it tries to vfree a non existent vm area. Described below:

    static void * __percpu *ipcomp_alloc_scratches(void)
    {
            ...
            scratches = alloc_percpu(void *);
            if (!scratches)
                    return NULL;
            /* ipcomp_scratches does not know about this allocation failure.
             * Therefore holding the old obsolete address. */
            ...
    }

So when we free,

    static void ipcomp_free_scratches(void)
    {
            ...
            scratches = ipcomp_scratches;
            /* Assigning obsolete address from ipcomp_scratches */

            if (!scratches)
                    return;

            for_each_possible_cpu(i)
                    vfree(*per_cpu_ptr(scratches, i));
            /* Trying to free non existent page, causing warning:
             * trying to vfree existent vm area. */
            ...
    }

Fix this breakage by updating ipcomp_scratches with NULL when scratches is freed.
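The stale-pointer pattern described above, as a user-space model added here for illustration; it is not the kernel's code. The names model_alloc_scratches, model_free_scratches, run_scenario, the NCPU value and the allocate/free/failed-allocate/free sequence are assumptions, and a boolean per CPU stands in for each vmalloc'd scratch area so that nothing is actually freed twice.

```c
#include <stdbool.h>
#include <stdio.h>
#define NCPU 4                      /* assumed CPU count for this model */
static bool areas[NCPU];            /* areas[i] is true while CPU i's vm area exists */
static bool *g_scratches;           /* stands in for ipcomp_scratches */
static int g_users, bad_frees;      /* user count; frees of areas already gone */
static bool fail_next_alloc;        /* hook: make the table allocation fail */

static bool *model_alloc_scratches(void)
{
    if (g_users++)
        return g_scratches;
    if (fail_next_alloc)            /* the alloc_percpu() failure path */
        return NULL;                /* g_scratches keeps whatever it held before */
    for (int i = 0; i < NCPU; i++)
        areas[i] = true;
    return g_scratches = areas;
}

static void model_free_scratches(bool with_fix)
{
    if (--g_users)
        return;
    bool *scratches = g_scratches;
    if (!scratches)
        return;
    for (int i = 0; i < NCPU; i++) {
        bad_frees += !scratches[i]; /* kernel analogue: vfree() of a nonexistent vm area */
        scratches[i] = false;
    }
    if (with_fix)
        g_scratches = NULL;         /* the fix: forget the table once it is freed */
}

int run_scenario(bool with_fix)
{
    g_scratches = NULL; g_users = 0; bad_frees = 0; fail_next_alloc = false;
    model_alloc_scratches();        /* first user: allocation succeeds */
    model_free_scratches(with_fix); /* last user leaves: all areas freed */
    fail_next_alloc = true;
    model_alloc_scratches();        /* next user: allocation fails */
    model_free_scratches(with_fix); /* error-path cleanup sees g_scratches */
    return bad_frees;
}

int main(void)
{
    printf("bad frees: %d unfixed, %d fixed\n", run_scenario(false), run_scenario(true));
    return 0;
}
```

Without the NULL assignment the cleanup after the failed allocation walks the table left over from the earlier user and attempts one free per CPU on areas that no longer exist; with it, the early `if (!scratches)` return is taken.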

Package: Linux Kernel
Published: 2025-10-22
Last modified: 2026-04-15
Patch available: Yes

Affected versions

Linux kernel versions 2.6.12 and later are affected. Fixed in 4.9.331, 4.14.296, 4.19.262, 5.4.220, 5.10.150, 5.15.75, 5.19.17, 6.0.3, 6.1 and their respective stable series.

Affected from: ≥ 2.6.12
Fixed in:
  • 4.9.331 (4.9.x)
  • 4.14.296 (4.14.x)
  • 4.19.262 (4.19.x)
  • 5.4.220 (5.4.x)
  • 5.10.150 (5.10.x)
  • 5.15.75 (5.15.x)
  • 5.19.17 (5.19.x)
  • 6.0.3 (6.0.x)
  • 6.1

References

The following references provide additional information about CVE-2022-50569 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2022-50569?

    CVE-2022-50569 is a Linux kernel vulnerability with no severity score assigned. It affects Linux kernel versions from 2.6.12 onward and has been patched in 4.9.331, 4.14.296, 4.19.262 and others. CVE-2022-50569 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • Is there a patch available for CVE-2022-50569?

    Yes, CVE-2022-50569 has been patched. Fixed versions include 4.9.331, 4.14.296, 4.19.262 and others. If you are running a Linux kernel from 2.6.12 onward that is older than the fixed version for its branch, apply the relevant patch for your kernel branch.

  • Is CVE-2022-50569 actively exploited?

    No — CVE-2022-50569 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.