What is CVE-2022-50765?

CVE-2022-50765 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.19 onward and patched in 6.0.18, 6.1.4 and 6.2. CVE-2022-50765 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50765?

CVE-2022-50765 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50765?

Yes, CVE-2022-50765 has been patched. Fixed versions include 6.0.18, 6.1.4 and 6.2. If you are running Linux kernel 5.19 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50765 actively exploited?

CVE-2022-50765 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50765

In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xff2000000403d000 (size 4096): comm "kexec", pid 146, jiffies 4294900633 (age 64.792s) hex dump (first 32 bytes): 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............ 04 00 f3 00 01 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000566ca97c>] kmemleak_vmalloc+0x3c/0xbe [<00000000979283d8>] __vmalloc_node_range+0x3ac/0x560 [<00000000b4b3712a>] __vmalloc_node+0x56/0x62 [<00000000854f75e2>] vzalloc+0x2c/0x34 [<00000000e9a00db9>] crash_prepare_elf64_headers+0x80/0x30c [<0000000067e8bf48>] elf_kexec_load+0x3e8/0x4ec [<0000000036548e09>] kexec_image_load_default+0x40/0x4c [<0000000079fbe1b4>] sys_kexec_file_load+0x1c4/0x322 [<0000000040c62c03>] ret_from_syscall+0x0/0x2 In elf_kexec_load(), a buffer is allocated via vzalloc() to store elf headers. While it's not freed back to system when kdump kernel is reloaded or unloaded, or when image->elf_header is successfully set and then fails to load kdump kernel for some reason. Fix it by freeing the buffer in arch_kimage_file_post_load_cleanup().

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.19 and later are affected. Fixed in 6.0.18, 6.1.4, 6.2 and their respective stable series.

Affected from

≥ 5.19

Fixed in

✓ 6.0.18 6.0.x ✓ 6.1.4 6.1.x ✓ 6.2

References

The following references provide additional information about CVE-2022-50765 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/090bfcfc9f14d05154893c67eeaecc56e894fbae
Patch
Kernel patch commit
https://git.kernel.org/stable/c/cbc32023ddbdf4baa3d9dc513a2184a84080a5a2
Patch
Kernel patch commit
https://git.kernel.org/stable/c/cdea2da6787583ecca43594132533a2ac8d7cd21
Patch

Frequently asked questions

What is CVE-2022-50765?

CVE-2022-50765 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.19 onward and has been patched in 6.0.18, 6.1.4 and 6.2. CVE-2022-50765 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50765?

Yes — CVE-2022-50765 has been patched. Fixed versions include 6.0.18, 6.1.4 and 6.2. If you are running Linux kernel 5.19 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50765 actively exploited?

No — CVE-2022-50765 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.