CVE-2022-50255

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the tracing subsystem related to handling synthetic events. Specifically, the synthetic event field "char file[]" can read a string value without validating the memory address, potentially leading to a crash when accessing user space addresses via functions like strlen() and strscpy(). The issue occurs when executing commands that involve creating and enabling synthetic events with file paths.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-20

Related Identifiers

BDU:2026-05953

CVE-2022-50255

OESA-2025-2349

OESA-2025-2350

SUSE-SU-2025:03615-1

SUSE-SU-2025:03628-1

SUSE-SU-2025:3716-1

SUSE-SU-2025:3761-1

Affected Products

Astra Linux

Debian

Linux Kernel

Suse

CVE-2022-50255

Weakness Enumeration

Related Identifiers

Affected Products

References · 883