CVE-2022-50747
In the Linux kernel, the following vulnerability has been resolved:

hfs: Fix OOB Write in hfs_asc2mac

Syzbot reported an OOB Write bug:

loop0: detected capacity change from 0 to 64
==================================================================
BUG: KASAN: slab-out-of-bounds in hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133
Write of size 1 at addr ffff88801848314e by task syz-executor391/3632

Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
 print_address_description+0x74/0x340 mm/kasan/report.c:284
 print_report+0x107/0x1f0 mm/kasan/report.c:395
 kasan_report+0xcd/0x100 mm/kasan/report.c:495
 hfs_asc2mac+0x467/0x9a0 fs/hfs/trans.c:133
 hfs_cat_build_key+0x92/0x170 fs/hfs/catalog.c:28
 hfs_lookup+0x1ab/0x2c0 fs/hfs/dir.c:31
 lookup_open fs/namei.c:3391 [inline]
 open_last_lookups fs/namei.c:3481 [inline]
 path_openat+0x10e6/0x2df0 fs/namei.c:3710
 do_filp_open+0x264/0x4f0 fs/namei.c:3740

If in->len is much larger than HFS_NAMELEN(31), which is the maximum length of an HFS filename, an OOB write could occur in hfs_asc2mac(). In that case, when the dst reaches the boundary, the srclen is still greater than 0, which causes an OOB write. Fix this by adding a check on dstlen in while() before writing to dst address.
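The overrun and the dstlen check described above, as a user-space C model added here for illustration; it is not the kernel's hfs_asc2mac() or the patch itself. struct slot, GUARD, copy_prefix(), copy_fixed() and guard_bytes_hit() are hypothetical names, and the guard area keeps the pre-fix loop's overrun inside one array so it can be counted.

```c
#include <stdio.h>
#include <string.h>
#define HFS_NAMELEN 31 /* maximum HFS filename length, per the advisory */
#define GUARD 64       /* constructed: stands in for memory after the name */

/* Constructed model: name field plus guard bytes in one array. */
struct slot { unsigned char buf[HFS_NAMELEN + GUARD]; };

/* Pre-fix shape: only srclen drives the loop, so dst passes the field end. */
static void copy_prefix(struct slot *out, const unsigned char *src, int srclen)
{
    unsigned char *dst = out->buf;
    if (srclen > (int)sizeof(out->buf))
        srclen = (int)sizeof(out->buf); /* model-only clamp, not in the kernel */
    while (srclen > 0) {
        *dst++ = *src++;
        srclen--;
    }
}

/* Post-fix shape: while() also checks dstlen before each write to dst. */
static void copy_fixed(struct slot *out, const unsigned char *src, int srclen)
{
    unsigned char *dst = out->buf;
    int dstlen = HFS_NAMELEN;
    while (srclen > 0 && dstlen > 0) {
        *dst++ = *src++;
        srclen--, dstlen--;
    }
}

/* Copy a constructed name of namelen 'A' bytes; count guard bytes overwritten. */
static int guard_bytes_hit(int fixed, int namelen)
{
    unsigned char name[HFS_NAMELEN + GUARD];
    struct slot s = { {0} };
    int hit = 0;
    memset(name, 'A', sizeof(name));
    (fixed ? copy_fixed : copy_prefix)(&s, name, namelen);
    for (int i = HFS_NAMELEN; i < (int)sizeof(s.buf); i++)
        hit += s.buf[i] != 0;
    return hit;
}

int main(void)
{
    printf("guard bytes hit: pre-fix %d, fixed %d\n", guard_bytes_hit(0, 80), guard_bytes_hit(1, 80));
    return 0;
}
```

With an 80-byte name the pre-fix loop dirties every guard byte up to the input length, while the fixed loop stops at the 31-byte boundary and leaves the name truncated.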
Affected versions
Linux kernel versions 2.6.14 and later are affected. Fixed in 4.9.337, 4.14.303, 4.19.270, 5.4.229, 5.10.163, 5.15.86, 6.0.16, 6.1.2, 6.2 and their respective stable series.
References
The following references provide additional information about CVE-2022-50747 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- [Patch] Kernel patch commit: https://git.kernel.org/stable/c/6a95b17e4d4cd2d8278559f930b447f8c9c8cff9
- [Patch] Kernel patch commit: https://git.kernel.org/stable/c/7af9cb8cbb81308ce4b06cc7164267faccbf75dd
- [Patch] Kernel patch commit: https://git.kernel.org/stable/c/8399318b13dc9e0569dee07ba2994098926d4fb2
Frequently asked questions
- What is CVE-2022-50747?
  CVE-2022-50747 is a Linux kernel vulnerability whose severity is unscored. It affects Linux kernel versions from 2.6.14 onward and has been patched in 4.9.337, 4.14.303, 4.19.270 and others. CVE-2022-50747 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2022-50747?
  Yes. CVE-2022-50747 has been patched. Fixed versions include 4.9.337, 4.14.303, 4.19.270 and others. If you are running Linux kernel 2.6.14 or later, up to the fixed versions, apply the relevant patch for your kernel branch.
- Is CVE-2022-50747 actively exploited?
  No. CVE-2022-50747 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.