What is CVE-2022-50854?

CVE-2022-50854 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.12 onward and patched in 5.15.77, 6.0.7 and 6.1. CVE-2022-50854 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50854?

CVE-2022-50854 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50854?

Yes, CVE-2022-50854 has been patched. Fixed versions include 5.15.77, 6.0.7 and 6.1. If you are running Linux kernel 5.12 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50854 actively exploited?

CVE-2022-50854 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50854

In the Linux kernel, the following vulnerability has been resolved: nfc: virtual_ncidev: Fix memory leak in virtual_nci_send() skb should be free in virtual_nci_send(), otherwise kmemleak will report memleak. Steps for reproduction (simulated in qemu): cd tools/testing/selftests/nci make ./nci_dev BUG: memory leak unreferenced object 0xffff888107588000 (size 208): comm "nci_dev", pid 206, jiffies 4294945376 (age 368.248s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000008d94c8fd>] __alloc_skb+0x1da/0x290 [<00000000278bc7f8>] nci_send_cmd+0xa3/0x350 [<0000000081256a22>] nci_reset_req+0x6b/0xa0 [<000000009e721112>] __nci_request+0x90/0x250 [<000000005d556e59>] nci_dev_up+0x217/0x5b0 [<00000000e618ce62>] nfc_dev_up+0x114/0x220 [<00000000981e226b>] nfc_genl_dev_up+0x94/0xe0 [<000000009bb03517>] genl_family_rcv_msg_doit.isra.14+0x228/0x2d0 [<00000000b7f8c101>] genl_rcv_msg+0x35c/0x640 [<00000000c94075ff>] netlink_rcv_skb+0x11e/0x350 [<00000000440cfb1e>] genl_rcv+0x24/0x40 [<0000000062593b40>] netlink_unicast+0x43f/0x640 [<000000001d0b13cc>] netlink_sendmsg+0x73a/0xbf0 [<000000003272487f>] __sys_sendto+0x324/0x370 [<00000000ef9f1747>] __x64_sys_sendto+0xdd/0x1b0 [<000000001e437841>] do_syscall_64+0x3f/0x90

Package Linux Kernel

Published 2025-12-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.12 and later are affected. Fixed in 5.15.77, 6.0.7, 6.1 and their respective stable series.

Affected from

≥ 5.12

Fixed in

✓ 5.15.77 5.15.x ✓ 6.0.7 6.0.x ✓ 6.1

References

The following references provide additional information about CVE-2022-50854 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/2c46a9a5f0b1c7341aa67667801079f3ff571678
Patch
Kernel patch commit
https://git.kernel.org/stable/c/88e879c9f59511174ef0ab1a3c9c83e2dbf8a213
Patch
Kernel patch commit
https://git.kernel.org/stable/c/e840d8f4a1b323973052a1af5ad4edafcde8ae3d
Patch

Frequently asked questions

What is CVE-2022-50854?

CVE-2022-50854 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.12 onward and has been patched in 5.15.77, 6.0.7 and 6.1. CVE-2022-50854 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50854?

Yes — CVE-2022-50854 has been patched. Fixed versions include 5.15.77, 6.0.7 and 6.1. If you are running Linux kernel 5.12 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50854 actively exploited?

No — CVE-2022-50854 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.