What is CVE-2022-50884?

CVE-2022-50884 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 2.6.16 onward and patched in 4.9.331, 4.14.296, 4.19.262 and others. CVE-2022-50884 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50884?

CVE-2022-50884 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50884?

Yes, CVE-2022-50884 has been patched. Fixed versions include 4.9.331, 4.14.296, 4.19.262 and others. If you are running Linux kernel 2.6.16 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50884 actively exploited?

CVE-2022-50884 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50884

In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drm_copy_field() to attempt copying a NULL pointer There are some struct drm_driver fields that are required by drivers since drm_copy_field() attempts to copy them to user-space via DRM_IOCTL_VERSION. But it can be possible that a driver has a bug and did not set some of the fields, which leads to drm_copy_field() attempting to copy a NULL pointer: [ +10.395966] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000 [ +0.010955] Mem abort info: [ +0.002835] ESR = 0x0000000096000004 [ +0.003872] EC = 0x25: DABT (current EL), IL = 32 bits [ +0.005395] SET = 0, FnV = 0 [ +0.003113] EA = 0, S1PTW = 0 [ +0.003182] FSC = 0x04: level 0 translation fault [ +0.004964] Data abort info: [ +0.002919] ISV = 0, ISS = 0x00000004 [ +0.003886] CM = 0, WnR = 0 [ +0.003040] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000115dad000 [ +0.006536] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 [ +0.006925] Internal error: Oops: 96000004 [#1] SMP ... [ +0.011113] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ +0.007061] pc : __pi_strlen+0x14/0x150 [ +0.003895] lr : drm_copy_field+0x30/0x1a4 [ +0.004156] sp : ffff8000094b3a50 [ +0.003355] x29: ffff8000094b3a50 x28: ffff8000094b3b70 x27: 0000000000000040 [ +0.007242] x26: ffff443743c2ba00 x25: 0000000000000000 x24: 0000000000000040 [ +0.007243] x23: ffff443743c2ba00 x22: ffff8000094b3b70 x21: 0000000000000000 [ +0.007241] x20: 0000000000000000 x19: ffff8000094b3b90 x18: 0000000000000000 [ +0.007241] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaab14b9af40 [ +0.007241] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ +0.007239] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa524ad67d4d8 [ +0.007242] x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : 6c6e6263606e7141 [ +0.007239] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 [ +0.007241] x2 : 0000000000000000 x1 : ffff8000094b3b90 x0 : 0000000000000000 [ +0.007240] Call trace: [ +0.002475] __pi_strlen+0x14/0x150 [ +0.003537] drm_version+0x84/0xac [ +0.003448] drm_ioctl_kernel+0xa8/0x16c [ +0.003975] drm_ioctl+0x270/0x580 [ +0.003448] __arm64_sys_ioctl+0xb8/0xfc [ +0.003978] invoke_syscall+0x78/0x100 [ +0.003799] el0_svc_common.constprop.0+0x4c/0xf4 [ +0.004767] do_el0_svc+0x38/0x4c [ +0.003357] el0_svc+0x34/0x100 [ +0.003185] el0t_64_sync_handler+0x11c/0x150 [ +0.004418] el0t_64_sync+0x190/0x194 [ +0.003716] Code: 92402c04 b200c3e8 f13fc09f 5400088c (a9400c02) [ +0.006180] ---[ end trace 0000000000000000 ]---

Package Linux Kernel

Published 2025-12-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 2.6.16 and later are affected. Fixed in 4.9.331, 4.14.296, 4.19.262, 5.4.220, 5.10.150, 5.15.75, 5.19.17, 6.0.3, 6.1 and their respective stable series.

Affected from

≥ 2.6.16

Fixed in

✓ 4.9.331 4.9.x ✓ 4.14.296 4.14.x ✓ 4.19.262 4.19.x ✓ 5.4.220 5.4.x ✓ 5.10.150 5.10.x ✓ 5.15.75 5.15.x ✓ 5.19.17 5.19.x ✓ 6.0.3 6.0.x ✓ 6.1

References

The following references provide additional information about CVE-2022-50884 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/2d6708ea5c2033ff53267feff1876a717689989f
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6cf5e9356b2d856403ee480f987f3ea64dbf8d8c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/8052612b9d08048ebbebcb572894670b4ac07d2f
Patch

9 patch commits total View all on NVD

Frequently asked questions

What is CVE-2022-50884?

CVE-2022-50884 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 2.6.16 onward and has been patched in 4.9.331, 4.14.296, 4.19.262 and others. CVE-2022-50884 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50884?

Yes — CVE-2022-50884 has been patched. Fixed versions include 4.9.331, 4.14.296, 4.19.262 and others. If you are running Linux kernel 2.6.16 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50884 actively exploited?

No — CVE-2022-50884 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.