CVE-2022-50575 in kernel-source | CVE-2022-50575

Q: How to fix?

Upgrade SLES:15.4 kernel-source to version 5.14.21-150400.24.184.1 or higher.

Threat Intelligence

0.03% (9^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-SLES154-KERNELSOURCE-14043348
published18 Nov 2025
disclosed15 Nov 2025

Report a new vulnerability Found a mistake?

Introduced: 15 Nov 2025

NewCVE-2022-50575 (opens in a new tab)

How to fix?

Upgrade SLES:15.4 kernel-source to version 5.14.21-150400.24.184.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-source package and not the kernel-source package as distributed by SLES. See How to fix? for SLES:15.4 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()

As 'kdata.num' is user-controlled data, if user tries to allocate memory larger than(>=) MAX_ORDER, then kcalloc() will fail, it creates a stack trace and messes up dmesg with a warning.

Call trace: -> privcmd_ioctl --> privcmd_ioctl_mmap_resource

Add __GFP_NOWARN in order to avoid too large allocation warning. This is detected by static analysis using smatch.

References

CVSS Base Scores

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
Low
Privileges Required (PR)
Low
User Interaction (UI)
None

Scope (S)
Unchanged

Confidentiality (C)
None
Integrity (I)
None
Availability (A)
None

CVE-2022-50575 Affecting kernel-source package, versions <5.14.21-150400.24.184.1

Severity