What is CVE-2022-50869?

CVE-2022-50869 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.15 onward and patched in 5.15.87, 6.0.17, 6.1.3 and others. CVE-2022-50869 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50869?

CVE-2022-50869 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50869?

Yes, CVE-2022-50869 has been patched. Fixed versions include 5.15.87, 6.0.17, 6.1.3 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50869 actively exploited?

CVE-2022-50869 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50869

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds in r_page When PAGE_SIZE is 64K, if read_log_page is called by log_read_rst for the first time, the size of *buffer would be equal to DefaultLogPageSize(4K).But for *buffer operations like memcpy, if the memory area size(n) which being assigned to buffer is larger than 4K (log->page_size(64K) or bytes(64K-page_off)), it will cause an out of boundary error. Call trace: [...] kasan_report+0x44/0x130 check_memory_region+0xf8/0x1a0 memcpy+0xc8/0x100 ntfs_read_run_nb+0x20c/0x460 read_log_page+0xd0/0x1f4 log_read_rst+0x110/0x75c log_replay+0x1e8/0x4aa0 ntfs_loadlog_and_replay+0x290/0x2d0 ntfs_fill_super+0x508/0xec0 get_tree_bdev+0x1fc/0x34c [...] Fix this by setting variable r_page to NULL in log_read_rst.

Package Linux Kernel

Published 2025-12-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.15 and later are affected. Fixed in 5.15.87, 6.0.17, 6.1.3, 6.2 and their respective stable series.

Affected from

≥ 5.15

Fixed in

✓ 5.15.87 5.15.x ✓ 6.0.17 6.0.x ✓ 6.1.3 6.1.x ✓ 6.2

References

The following references provide additional information about CVE-2022-50869 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/6d076293e5bffdf897ea5f975669206e09beed6a
Patch
Kernel patch commit
https://git.kernel.org/stable/c/bf86a640a34947d92062996e1a75b9cd9d83dd19
Patch
Kernel patch commit
https://git.kernel.org/stable/c/ecfbd57cf9c5ca225184ae266ce44ae473792132
Patch

4 patch commits total View all on NVD

Frequently asked questions

What is CVE-2022-50869?

CVE-2022-50869 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.15 onward and has been patched in 5.15.87, 6.0.17, 6.1.3 and others. CVE-2022-50869 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50869?

Yes — CVE-2022-50869 has been patched. Fixed versions include 5.15.87, 6.0.17, 6.1.3 and others. If you are running Linux kernel 5.15 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50869 actively exploited?

No — CVE-2022-50869 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.