What is CVE-2022-50725?

CVE-2022-50725 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.10 onward and patched in 5.10.163, 5.15.86, 6.0.16 and others. CVE-2022-50725 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50725?

CVE-2022-50725 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50725?

Yes, CVE-2022-50725 has been patched. Fixed versions include 5.10.163, 5.15.86, 6.0.16 and others. If you are running Linux kernel 5.10 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50725 actively exploited?

CVE-2022-50725 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50725

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() KASAN reports a use-after-free: BUG: KASAN: use-after-free in dvb_dmxdev_release+0x4d5/0x5d0 [dvb_core] Call Trace: ... dvb_dmxdev_release+0x4d5/0x5d0 [dvb_core] vidtv_bridge_probe+0x7bf/0xa40 [dvb_vidtv_bridge] platform_probe+0xb6/0x170 ... Allocated by task 1238: ... dvb_register_device+0x1a7/0xa70 [dvb_core] dvb_dmxdev_init+0x2af/0x4a0 [dvb_core] vidtv_bridge_probe+0x766/0xa40 [dvb_vidtv_bridge] ... Freed by task 1238: dvb_register_device+0x6d2/0xa70 [dvb_core] dvb_dmxdev_init+0x2af/0x4a0 [dvb_core] vidtv_bridge_probe+0x766/0xa40 [dvb_vidtv_bridge] ... It is because the error handling in vidtv_bridge_dvb_init() is wrong. First, vidtv_bridge_dmx(dev)_init() will clean themselves when fail, but goto fail_dmx(_dev): calls release functions again, which causes use-after-free. Also, in fail_fe, fail_tuner_probe and fail_demod_probe, j = i will cause out-of-bound when i finished its loop (i == NUM_FE). And the loop releasing is wrong, although now NUM_FE is 1 so it won't cause problem. Fix this by correctly releasing everything.

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.10 and later are affected. Fixed in 5.10.163, 5.15.86, 6.0.16, 6.1.2, 6.2 and their respective stable series.

Affected from

≥ 5.10

Fixed in

✓ 5.10.163 5.10.x ✓ 5.15.86 5.15.x ✓ 6.0.16 6.0.x ✓ 6.1.2 6.1.x ✓ 6.2

References

The following references provide additional information about CVE-2022-50725 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/0369af6fe33d4053899b121b32e91f870b2cf0ae
Patch
Kernel patch commit
https://git.kernel.org/stable/c/06398ce69571a43a8a0dd0f1bfe35d221f726a6a
Patch
Kernel patch commit
https://git.kernel.org/stable/c/8a204a0b4a0d105229735222c515759ea2b126c1
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2022-50725?

CVE-2022-50725 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.10 onward and has been patched in 5.10.163, 5.15.86, 6.0.16 and others. CVE-2022-50725 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50725?

Yes — CVE-2022-50725 has been patched. Fixed versions include 5.10.163, 5.15.86, 6.0.16 and others. If you are running Linux kernel 5.10 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50725 actively exploited?

No — CVE-2022-50725 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.