What is CVE-2022-50733?

CVE-2022-50733 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.13 onward and patched in 4.9.331, 4.14.296, 4.19.262 and others. CVE-2022-50733 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50733?

CVE-2022-50733 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50733?

Yes, CVE-2022-50733 has been patched. Fixed versions include 4.9.331, 4.14.296, 4.19.262 and others. If you are running Linux kernel 2.6.13 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50733 actively exploited?

CVE-2022-50733 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50733

In the Linux kernel, the following vulnerability has been resolved: usb: idmouse: fix an uninit-value in idmouse_open In idmouse_create_image, if any ftip_command fails, it will go to the reset label. However, this leads to the data in bulk_in_buffer[HEADER..IMGSIZE] uninitialized. And the check for valid image incurs an uninitialized dereference. Fix this by moving the check before reset label since this check only be valid if the data after bulk_in_buffer[HEADER] has concrete data. Note that this is found by KMSAN, so only kernel compilation is tested.

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 2.6.13 and later are affected. Fixed in 4.9.331, 4.14.296, 4.19.262, 5.4.220, 5.10.150, 5.15.75, 5.19.17, 6.0.3, 6.1 and their respective stable series.

Affected from

≥ 2.6.13

Fixed in

✓ 4.9.331 4.9.x ✓ 4.14.296 4.14.x ✓ 4.19.262 4.19.x ✓ 5.4.220 5.4.x ✓ 5.10.150 5.10.x ✓ 5.15.75 5.15.x ✓ 5.19.17 5.19.x ✓ 6.0.3 6.0.x ✓ 6.1

References

The following references provide additional information about CVE-2022-50733 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/1eae30c0113dde7522088231584d62415011a035
Patch
Kernel patch commit
https://git.kernel.org/stable/c/20b8c456df584ebb2387dc23d40ebe4ff334417c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6163a5ae097bc78fa26c243fb384537e25610fd7
Patch

9 patch commits total View all on NVD

Frequently asked questions

What is CVE-2022-50733?

CVE-2022-50733 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.13 onward and has been patched in 4.9.331, 4.14.296, 4.19.262 and others. CVE-2022-50733 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50733?

Yes — CVE-2022-50733 has been patched. Fixed versions include 4.9.331, 4.14.296, 4.19.262 and others. If you are running Linux kernel 2.6.13 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50733 actively exploited?

No — CVE-2022-50733 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.