CVE-2022-50380
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-18

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mm: /proc/pid/smaps_rollup: fix no vma's null-deref Commit 258f669e7e88 ("mm: /proc/pid/smaps_rollup: convert to single value seq_file") introduced a null-deref if there are no vma's in the task in show_smaps_rollup.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-18
Last Modified
2025-12-11
Generated
2026-06-16
AI Q&A
2025-09-18
EPSS Evaluated
2026-06-14
NVD
CVE-2022-50380
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 4.19 (inc) to 4.19.264 (exc)
linux linux_kernel From 4.20 (inc) to 5.4.221 (exc)
linux linux_kernel From 5.5 (inc) to 5.10.152 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.76 (exc)
linux linux_kernel From 5.16 (inc) to 6.0.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a null pointer dereference in the Linux kernel's memory management code related to the /proc/pid/smaps_rollup interface. Specifically, a commit introduced a bug where if a process has no virtual memory areas (VMAs), the kernel code attempts to dereference a null pointer when showing smaps_rollup information, which can lead to a kernel crash or instability.

Impact Analysis

This vulnerability can cause the Linux kernel to crash or become unstable if a process with no VMAs triggers the smaps_rollup interface. This could lead to denial of service conditions on affected systems.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50380. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart