What is CVE-2022-50870?

CVE-2022-50870 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.16 onward and patched in 4.14.303, 4.19.270, 5.4.229 and others. CVE-2022-50870 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50870?

CVE-2022-50870 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50870?

Yes, CVE-2022-50870 has been patched. Fixed versions include 4.14.303, 4.19.270, 5.4.229 and others. If you are running Linux kernel 2.6.16 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50870 actively exploited?

CVE-2022-50870 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50870

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtas_os_term() rtas_os_term() is called during panic. Its behavior depends on a couple of conditions in the /rtas node of the device tree, the traversal of which entails locking and local IRQ state changes. If the kernel panics while devtree_lock is held, rtas_os_term() as currently written could hang. Instead of discovering the relevant characteristics at panic time, cache them in file-static variables at boot. Note the lookup for "ibm,extended-os-term" is converted to of_property_read_bool() since it is a boolean property, not an RTAS function token. [mpe: Incorporate suggested change from Nick]

Package Linux Kernel

Published 2025-12-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 2.6.16 and later are affected. Fixed in 4.14.303, 4.19.270, 5.4.229, 5.10.163, 5.15.87, 6.0.17, 6.1.3, 6.2 and their respective stable series.

Affected from

≥ 2.6.16

Fixed in

✓ 4.14.303 4.14.x ✓ 4.19.270 4.19.x ✓ 5.4.229 5.4.x ✓ 5.10.163 5.10.x ✓ 5.15.87 5.15.x ✓ 6.0.17 6.0.x ✓ 6.1.3 6.1.x ✓ 6.2

References

The following references provide additional information about CVE-2022-50870 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/06a07fbb32b3a23eec20a42b1e64474da0a3b33e
Patch
Kernel patch commit
https://git.kernel.org/stable/c/464d10e8d797454e16a173ef1292a446b2adf21c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/698e682c849e356fb47a8be47ca8baa817cf31e0
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2022-50870?

CVE-2022-50870 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.16 onward and has been patched in 4.14.303, 4.19.270, 5.4.229 and others. CVE-2022-50870 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50870?

Yes — CVE-2022-50870 has been patched. Fixed versions include 4.14.303, 4.19.270, 5.4.229 and others. If you are running Linux kernel 2.6.16 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50870 actively exploited?

No — CVE-2022-50870 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.