CVE-2022-50210 [Medium] | Security Vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] Modules linked in: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052 [ 3.084034] Hardware name: Loongson Loongson-3A4000-7A1000-1w-V0.1-CRB/Loongson-LS3A4000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27 [ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa [ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000 [ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Call Trace: [ 3.203941] [<98000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9800000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<980000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9800000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9800000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<98000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<98000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<98000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<98000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9800000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9800000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ end trace 8b484262b4b8c24c ]---

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-11-20	0.06%	0.01%	-0.05%
2	2025-11-18	0.04%	0.06%	+0.02%
3	2025-11-14	—	0.04%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-11-20

0.06%

0.01%

-0.05%

2025-11-18

0.04%

0.06%

+0.02%

2025-11-14

—

0.04%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.5	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.8	3.6	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.5

3.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

1.8

3.6

[email protected]

OS Trackers for CVE-2022-50210

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2022-50210 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2022-50210
`redhat`	—	—	https://access.redhat.com/security/cve/CVE-2022-50210
`suse`	medium	CVE-2022-50210 severity moderate: SUSE including 26 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 281 product×package rows across 55 product lines (SLES-LTSS-TERADATA 15 SP2, SUSE Linux Enterprise High Availability Extension 15 SP7, … (55 product lines)): Known Not Affected 281.	https://www.suse.com/security/cve/CVE-2022-50210/
`ubuntu`	medium	CVE-2022-50210 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1551 status rows across 10 suites (bionic, focal, jammy, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 1145, released 151, ignored 150, not-affected 99, needed 5, needs-triage 1.	https://ubuntu.com/security/CVE-2022-50210

Affected software / configurations for CVE-2022-50210

Vendor	Product	Version	Raw CPE
linux	linux_kernel	< 4.9.326	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.10, < 4.14.291	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.15, < 4.19.256	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 4.20, < 5.4.211	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.5, < 5.10.137	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.11, < 5.15.61	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.16, < 5.18.18	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.19, < 5.19.2	cpe:2.3:o:linux:linux_kernel::::::::

References for CVE-2022-50210

URL	Tags
https://git.kernel.org/stable/c/274e44e2123417e0924c90d4b4531913b5f3aa2e	Patch
https://git.kernel.org/stable/c/4cb392956ae392aec4aa06e661a0bb9146b0bace	Patch
https://git.kernel.org/stable/c/7d305823e02217b29d41fca67e3cef87fd7bd688	Patch
https://git.kernel.org/stable/c/807adf6ffa8c3beedcd63b20f5a59c7d061df7d2	Patch
https://git.kernel.org/stable/c/8916ec149c79cb21f5454fa7840ad96f99cf51cf	Patch
https://git.kernel.org/stable/c/98aaa511957667ba26d6dabe28dfa210a8f53a63	Patch
https://git.kernel.org/stable/c/d3ac4e47510ec0753ebe1e418a334ad202784aa8	Patch
https://git.kernel.org/stable/c/e1a534f5d074db45ae5cbac41d8912b98e96a006	Patch
https://git.kernel.org/stable/c/e41db8a9ce696a3382a4f098878fd4d14bccd201	Patch

URL

CVE-2022-50210 | MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

Exploit prediction scoring system (EPSS) score for CVE-2022-50210

Common vulnerability scoring system (CVSS) metrics for CVE-2022-50210

Weakness enumeration for CVE-2022-50210

OS Trackers for CVE-2022-50210

Affected software / configurations for CVE-2022-50210

References for CVE-2022-50210