What is CVE-2022-50630?

CVE-2022-50630 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 4.11 onward and patched in 5.10.150, 5.15.75, 5.19.17 and others. CVE-2022-50630 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50630?

CVE-2022-50630 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50630?

Yes, CVE-2022-50630 has been patched. Fixed versions include 5.10.150, 5.15.75, 5.19.17 and others. If you are running Linux kernel 4.11 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50630 actively exploited?

CVE-2022-50630 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50630

In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: fix UAF in hugetlb_handle_userfault The vma_lock and hugetlb_fault_mutex are dropped before handling userfault and reacquire them again after handle_userfault(), but reacquire the vma_lock could lead to UAF[1,2] due to the following race, hugetlb_fault hugetlb_no_page /*unlock vma_lock */ hugetlb_handle_userfault handle_userfault /* unlock mm->mmap_lock*/ vm_mmap_pgoff do_mmap mmap_region munmap_vma_range /* clean old vma */ /* lock vma_lock again <--- UAF */ /* unlock vma_lock */ Since the vma_lock will unlock immediately after hugetlb_handle_userfault(), let's drop the unneeded lock and unlock in hugetlb_handle_userfault() to fix the issue. [1] https://lore.kernel.org/linux-mm/[email protected]/ [2] https://lore.kernel.org/linux-mm/[email protected]/

Package Linux Kernel

Published 2025-12-08

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 4.11 and later are affected. Fixed in 5.10.150, 5.15.75, 5.19.17, 6.0.3, 6.1 and their respective stable series.

Affected from

≥ 4.11

Fixed in

✓ 5.10.150 5.10.x ✓ 5.15.75 5.15.x ✓ 5.19.17 5.19.x ✓ 6.0.3 6.0.x ✓ 6.1

References

The following references provide additional information about CVE-2022-50630 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0db2efb3bff879566f05341d94c3de00ac95c4cc
Patch
Kernel patch commit
https://git.kernel.org/stable/c/45c33966759ea1b4040c08dacda99ef623c0ca29
Patch
Kernel patch commit
https://git.kernel.org/stable/c/78504bcedb2f1bbfb353b4d233c24d641c4dda33
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2022-50630?

CVE-2022-50630 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.11 onward and has been patched in 5.10.150, 5.15.75, 5.19.17 and others. CVE-2022-50630 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50630?

Yes — CVE-2022-50630 has been patched. Fixed versions include 5.10.150, 5.15.75, 5.19.17 and others. If you are running Linux kernel 4.11 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50630 actively exploited?

No — CVE-2022-50630 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.