What is CVE-2022-50731?

CVE-2022-50731 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.2 onward and patched in 5.4.220, 5.10.150, 5.15.75 and others. CVE-2022-50731 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50731?

CVE-2022-50731 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50731?

Yes, CVE-2022-50731 has been patched. Fixed versions include 5.4.220, 5.10.150, 5.15.75 and others. If you are running Linux kernel 5.2 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50731 actively exploited?

CVE-2022-50731 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50731

In the Linux kernel, the following vulnerability has been resolved: crypto: akcipher - default implementation for setting a private key Changes from v1: * removed the default implementation from set_pub_key: it is assumed that an implementation must always have this callback defined as there are no use case for an algorithm, which doesn't need a public key Many akcipher implementations (like ECDSA) support only signature verifications, so they don't have all callbacks defined. Commit 78a0324f4a53 ("crypto: akcipher - default implementations for request callbacks") introduced default callbacks for sign/verify operations, which just return an error code. However, these are not enough, because before calling sign the caller would likely call set_priv_key first on the instantiated transform (as the in-kernel testmgr does). This function does not have a default stub, so the kernel crashes, when trying to set a private key on an akcipher, which doesn't support signature generation. I've noticed this, when trying to add a KAT vector for ECDSA signature to the testmgr. With this patch the testmgr returns an error in dmesg (as it should) instead of crashing the kernel NULL ptr dereference.

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.2 and later are affected. Fixed in 5.4.220, 5.10.150, 5.15.75, 5.19.17, 6.0.3, 6.1 and their respective stable series.

Affected from

≥ 5.2

Fixed in

✓ 5.4.220 5.4.x ✓ 5.10.150 5.10.x ✓ 5.15.75 5.15.x ✓ 5.19.17 5.19.x ✓ 6.0.3 6.0.x ✓ 6.1

References

The following references provide additional information about CVE-2022-50731 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/779a9930f3e152c82699feb389a0e6d6644e747e
Patch
Kernel patch commit
https://git.kernel.org/stable/c/85bc736a18b872f54912e8bb70682d11770aece0
Patch
Kernel patch commit
https://git.kernel.org/stable/c/95c4e20adc3ea00d1594a2a05d9b187ed12ffa8e
Patch

6 patch commits total View all on NVD

Frequently asked questions

What is CVE-2022-50731?

CVE-2022-50731 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.2 onward and has been patched in 5.4.220, 5.10.150, 5.15.75 and others. CVE-2022-50731 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50731?

Yes — CVE-2022-50731 has been patched. Fixed versions include 5.4.220, 5.10.150, 5.15.75 and others. If you are running Linux kernel 5.2 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50731 actively exploited?

No — CVE-2022-50731 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.