PT-2025-38336 · Linux+4 · Linux Kernel+4

Published

2022-12-22

Updated

2025-11-28

CVE-2022-50388

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to 5.15.67

Description A flaw exists in the Linux kernel's NVMe subsystem related to handling flush requests when blktrace is enabled with multipath activated. Specifically, a NULL pointer dereference within the blk add trace bio complete function can occur, leading to a kernel crash. This issue arises when a flush request with a NULL bio is processed during I/O completion.

Recommendations Update the Linux Kernel to a version newer than 5.15.67 to resolve this issue.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2026-02437

CESA-2023_7077

CVE-2022-50388

RHSA-2023:2458

RHSA-2023:7077

RHSA-2023_2458

RHSA-2023_7077

SUSE-SU-2025:03615-1

SUSE-SU-2025:03628-1

SUSE-SU-2025:3716-1

SUSE-SU-2025:3761-1

SUSE-SU-2025:4135-1

SUSE-SU-2025:4171-1

SUSE-SU-2025:4172-1

SUSE-SU-2025:4188-1

SUSE-SU-2025:4203-1

SUSE-SU-2025:4213-1

SUSE-SU-2025:4285-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2025-38336 · Linux+4 · Linux Kernel+4

CVE-2022-50388

Weakness Enumeration

Related Identifiers

Affected Products

References · 964