What is CVE-2022-50631?

CVE-2022-50631 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.19 onward and patched in 6.0.18, 6.1.4 and 6.2. CVE-2022-50631 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50631?

CVE-2022-50631 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50631?

Yes, CVE-2022-50631 has been patched. Fixed versions include 6.0.18, 6.1.4 and 6.2. If you are running Linux kernel 5.19 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50631 actively exploited?

CVE-2022-50631 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50631

In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of fdt buffer This is reported by kmemleak detector: unreferenced object 0xff60000082864000 (size 9588): comm "kexec", pid 146, jiffies 4294900634 (age 64.788s) hex dump (first 32 bytes): d0 0d fe ed 00 00 12 ed 00 00 00 48 00 00 11 40 ...........H...@ 00 00 00 28 00 00 00 11 00 00 00 02 00 00 00 00 ...(............ backtrace: [<00000000f95b17c4>] kmemleak_alloc+0x34/0x3e [<00000000b9ec8e3e>] kmalloc_order+0x9c/0xc4 [<00000000a95cf02e>] kmalloc_order_trace+0x34/0xb6 [<00000000f01e68b4>] __kmalloc+0x5c2/0x62a [<000000002bd497b2>] kvmalloc_node+0x66/0xd6 [<00000000906542fa>] of_kexec_alloc_and_setup_fdt+0xa6/0x6ea [<00000000e1166bde>] elf_kexec_load+0x206/0x4ec [<0000000036548e09>] kexec_image_load_default+0x40/0x4c [<0000000079fbe1b4>] sys_kexec_file_load+0x1c4/0x322 [<0000000040c62c03>] ret_from_syscall+0x0/0x2 In elf_kexec_load(), a buffer is allocated via kvmalloc() to store fdt. While it's not freed back to system when kexec kernel is reloaded or unloaded. Then memory leak is caused. Fix it by introducing riscv specific function arch_kimage_file_post_load_cleanup(), and freeing the buffer there.

Package Linux Kernel

Published 2025-12-09

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.19 and later are affected. Fixed in 6.0.18, 6.1.4, 6.2 and their respective stable series.

Affected from

≥ 5.19

Fixed in

✓ 6.0.18 6.0.x ✓ 6.1.4 6.1.x ✓ 6.2

References

The following references provide additional information about CVE-2022-50631 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/96df59b1ae23f5c11698c3c2159aeb2ecd4944a4
Patch
Kernel patch commit
https://git.kernel.org/stable/c/c66ad198b6497dee8f45d7ed5c03629c4525c7d0
Patch
Kernel patch commit
https://git.kernel.org/stable/c/dc387c34d8dd10b02a333df098f8fd9bba177a45
Patch

Frequently asked questions

What is CVE-2022-50631?

CVE-2022-50631 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.19 onward and has been patched in 6.0.18, 6.1.4 and 6.2. CVE-2022-50631 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50631?

Yes — CVE-2022-50631 has been patched. Fixed versions include 6.0.18, 6.1.4 and 6.2. If you are running Linux kernel 5.19 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50631 actively exploited?

No — CVE-2022-50631 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.