CVE-2022-50870 | powerpc/rtas: avoid device tree lookups in rtas_os_term()

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtas_os_term() rtas_os_term() is called during panic. Its behavior depends on a couple of conditions in the /rtas node of the device tree, the traversal of which entails locking and local IRQ state changes. If the kernel panics while devtree_lock is held, rtas_os_term() as currently written could hang. Instead of discovering the relevant characteristics at panic time, cache them in file-static variables at boot. Note the lookup for "ibm,extended-os-term" is converted to of_property_read_bool() since it is a boolean property, not an RTAS function token. [mpe: Incorporate suggested change from Nick]

Published: 2025-12-30 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2022-50870 is rated Low Risk (6/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-50870

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-31	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-50870

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2022-50870

OS Trackers for CVE-2022-50870

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2022-50870 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2022-50870
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2022-50870
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2022-50870/
`ubuntu`	medium	CVE-2022-50870 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 176, released 145, not-affected 68, needed 5, needs-triage 1.	https://ubuntu.com/security/CVE-2022-50870

Affected software / configurations for CVE-2022-50870

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2022-50870

URL	Tags
https://git.kernel.org/stable/c/06a07fbb32b3a23eec20a42b1e64474da0a3b33e
https://git.kernel.org/stable/c/464d10e8d797454e16a173ef1292a446b2adf21c
https://git.kernel.org/stable/c/698e682c849e356fb47a8be47ca8baa817cf31e0
https://git.kernel.org/stable/c/c2fa91abf22a705cf02f886cd99cff41f4ceda60
https://git.kernel.org/stable/c/d8939315b7342860df143afe0adda6212cdd3193
https://git.kernel.org/stable/c/e23822c7381c59d9e42e65771b6e17c71ed30ea7
https://git.kernel.org/stable/c/ed2213bfb192ab51f09f12e9b49b5d482c6493f3
https://git.kernel.org/stable/c/f2167f10fcca68ab9ae3f8d94d2c704c5541ac69

cvelogic Threat Intelligence