What is CVE-2022-50705?

CVE-2022-50705 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.15.54 onward and patched in 5.15.90, 6.0.3 and 6.1. CVE-2022-50705 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50705?

CVE-2022-50705 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50705?

Yes, CVE-2022-50705 has been patched. Fixed versions include 5.15.90, 6.0.3 and 6.1. If you are running Linux kernel 5.15.54 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50705 actively exploited?

CVE-2022-50705 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50705

In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as that might be off soft/hard irq context. Defer the calls to when we process the task_work for this request. That avoids valid complaints like: stack backtrace: CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.0.0-rc6-syzkaller-00321-g105a36f3694e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_usage_bug kernel/locking/lockdep.c:3961 [inline] valid_state kernel/locking/lockdep.c:3973 [inline] mark_lock_irq kernel/locking/lockdep.c:4176 [inline] mark_lock.part.0.cold+0x18/0xd8 kernel/locking/lockdep.c:4632 mark_lock kernel/locking/lockdep.c:4596 [inline] mark_usage kernel/locking/lockdep.c:4527 [inline] __lock_acquire+0x11d9/0x56d0 kernel/locking/lockdep.c:5007 lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __fs_reclaim_acquire mm/page_alloc.c:4674 [inline] fs_reclaim_acquire+0x115/0x160 mm/page_alloc.c:4688 might_alloc include/linux/sched/mm.h:271 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc mm/slab.c:3278 [inline] __kmem_cache_alloc_lru mm/slab.c:3471 [inline] kmem_cache_alloc+0x39/0x520 mm/slab.c:3491 fanotify_alloc_fid_event fs/notify/fanotify/fanotify.c:580 [inline] fanotify_alloc_event fs/notify/fanotify/fanotify.c:813 [inline] fanotify_handle_event+0x1130/0x3f40 fs/notify/fanotify/fanotify.c:948 send_to_group fs/notify/fsnotify.c:360 [inline] fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570 __fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230 fsnotify_parent include/linux/fsnotify.h:77 [inline] fsnotify_file include/linux/fsnotify.h:99 [inline] fsnotify_access include/linux/fsnotify.h:309 [inline] __io_complete_rw_common+0x485/0x720 io_uring/rw.c:195 io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228 iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline] iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178 bio_endio+0x5f9/0x780 block/bio.c:1564 req_bio_endio block/blk-mq.c:695 [inline] blk_update_request+0x3fc/0x1300 block/blk-mq.c:825 scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541 scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971 scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.15.54, 5.16.19, 5.17.2, 5.18 and later are affected. Fixed in 5.15.90, 6.0.3, 6.1 and their respective stable series.

Affected from

≥ 5.15.54 ≥ 5.16.19 ≥ 5.17.2 ≥ 5.18

Fixed in

✓ 5.15.90 5.15.x ✓ 6.0.3 6.0.x ✓ 6.1

References

The following references provide additional information about CVE-2022-50705 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/2a853c206e553dd9c0a55c22858fd6a446d93e15
Patch
Kernel patch commit
https://git.kernel.org/stable/c/89a410dbd0f159ddd308f19d6eb682fc753e4771
Patch
Kernel patch commit
https://git.kernel.org/stable/c/b000145e9907809406d8164c3b2b8861d95aecd1
Patch

Frequently asked questions

What is CVE-2022-50705?

CVE-2022-50705 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.15.54 onward and has been patched in 5.15.90, 6.0.3 and 6.1. CVE-2022-50705 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50705?

Yes — CVE-2022-50705 has been patched. Fixed versions include 5.15.90, 6.0.3 and 6.1. If you are running Linux kernel 5.15.54 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50705 actively exploited?

No — CVE-2022-50705 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.