What is CVE-2022-50826?

CVE-2022-50826 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.14 onward and patched in 5.15.87, 6.0.18, 6.1.4 and others. CVE-2022-50826 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50826?

CVE-2022-50826 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50826?

Yes, CVE-2022-50826 has been patched. Fixed versions include 5.15.87, 6.0.18, 6.1.4 and others. If you are running Linux kernel 5.14 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50826 actively exploited?

CVE-2022-50826 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50826

In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() Calling v4l2_subdev_get_try_crop() and v4l2_subdev_get_try_compose() with a subdev state of NULL leads to a NULL pointer dereference. This can currently happen in imgu_subdev_set_selection() when the state passed in is NULL, as this method first gets pointers to both the "try" and "active" states and only then decides which to use. The same issue has been addressed for imgu_subdev_get_selection() with commit 30d03a0de650 ("ipu3-imgu: Fix NULL pointer dereference in active selection access"). However the issue still persists in imgu_subdev_set_selection(). Therefore, apply a similar fix as done in the aforementioned commit to imgu_subdev_set_selection(). To keep things a bit cleaner, introduce helper functions for "crop" and "compose" access and use them in both imgu_subdev_set_selection() and imgu_subdev_get_selection().

Package Linux Kernel

Published 2025-12-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.14 and later are affected. Fixed in 5.15.87, 6.0.18, 6.1.4, 6.2 and their respective stable series.

Affected from

≥ 5.14

Fixed in

✓ 5.15.87 5.15.x ✓ 6.0.18 6.0.x ✓ 6.1.4 6.1.x ✓ 6.2

References

The following references provide additional information about CVE-2022-50826 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/5038ee677606106c91564f9c4557d808d14bad70
Patch
Kernel patch commit
https://git.kernel.org/stable/c/611d617bdb6c5d636a9861ec1c98e813fc8a5556
Patch
Kernel patch commit
https://git.kernel.org/stable/c/dc608edf7d45ba0c2ad14c06eccd66474fec7847
Patch

4 patch commits total View all on NVD

Frequently asked questions

What is CVE-2022-50826?

CVE-2022-50826 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.14 onward and has been patched in 5.15.87, 6.0.18, 6.1.4 and others. CVE-2022-50826 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50826?

Yes — CVE-2022-50826 has been patched. Fixed versions include 5.15.87, 6.0.18, 6.1.4 and others. If you are running Linux kernel 5.14 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50826 actively exploited?

No — CVE-2022-50826 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.