What is the CVSS score of CVE-2022-50511?

CVE-2022-50511 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Linux Kernel are affected by CVE-2022-50511?

CVE-2022-50511 presents moderate security risk rated CVSS 5.5. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2022-50511?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Linux Kernel CVE-2022-50511

MEDIUM

2025-10-07 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Denial Of Service Linux Integer Overflow Red Hat Linux Kernel Suse

5.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 17, 2026 - 20:45 vuln.today

Patch released

Mar 17, 2026 - 20:45 nvd

Patch available

CVE Published

Oct 07, 2025 - 16:15 nvd

MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

lib/fonts: fix undefined behavior in bit shift for get_default_font

Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below:

UBSAN: shift-out-of-bounds in lib/fonts/fonts.c:139:20 left shift of 1 by 31 places cannot be represented in type 'int' <TASK> dump_stack_lvl+0x7d/0xa5 dump_stack+0x15/0x1b ubsan_epilogue+0xe/0x4e __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c get_default_font+0x1c7/0x1f0 fbcon_startup+0x347/0x3a0 do_take_over_console+0xce/0x270 do_fbcon_takeover+0xa1/0x170 do_fb_registered+0x2a8/0x340 fbcon_fb_registered+0x47/0xe0 register_framebuffer+0x294/0x4a0 __drm_fb_helper_initial_config_and_unlock+0x43c/0x880 [drm_kms_helper] drm_fb_helper_initial_config+0x52/0x80 [drm_kms_helper] drm_fbdev_client_hotplug+0x156/0x1b0 [drm_kms_helper] drm_fbdev_generic_setup+0xfc/0x290 [drm_kms_helper] bochs_pci_probe+0x6ca/0x772 [bochs] local_pci_probe+0x4d/0xb0 pci_device_probe+0x119/0x320 really_probe+0x181/0x550 __driver_probe_device+0xc6/0x220 driver_probe_device+0x32/0x100 __driver_attach+0x195/0x200 bus_for_each_dev+0xbb/0x120 driver_attach+0x27/0x30 bus_add_driver+0x22e/0x2f0 driver_register+0xa9/0x190 __pci_register_driver+0x90/0xa0 bochs_pci_driver_init+0x52/0x1000 [bochs] do_one_initcall+0x76/0x430 do_init_module+0x61/0x28a load_module+0x1f82/0x2e50 __do_sys_finit_module+0xf8/0x190 __x64_sys_finit_module+0x23/0x30 do_syscall_64+0x58/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd </TASK>

AnalysisAI

This vulnerability is an undefined behavior issue in the Linux kernel's font handling code where a signed 32-bit left shift by 31 bits violates C language semantics, detected by UBSAN (Undefined Behavior Sanitizer). The vulnerability affects multiple Linux kernel versions starting from 2.6.23 and can be triggered by local users with low privileges during framebuffer console initialization, leading to denial of service through undefined behavior exploitation. While the EPSS score is extremely low at 0.01% (percentile 3%), patches are available from the kernel vendor and the issue has been resolved in stable releases.

Technical ContextAI

The vulnerability exists in lib/fonts/fonts.c in the get_default_font() function, where a signed integer (type 'int') undergoes a left bit shift operation by 31 positions. In C, shifting a signed value such that the result cannot be represented in the type's range constitutes undefined behavior. The affected code path is triggered during framebuffer console startup (fbcon_startup), which executes during display driver registration and initialization. The root cause falls under integer overflow and bit manipulation errors. Per CPE data, all Linux kernel versions are potentially affected, with explicit mention of versions from 2.6.23 through recent releases. The vulnerable code is activated when graphics drivers like DRM (Direct Rendering Manager) and framebuffer helpers initialize, particularly during PCI device probing of graphics hardware such as BOCHS or other display adapters.

RemediationAI

Update the Linux kernel to a patched version incorporating one of the stable fixes referenced at kernel.org (commits 6fe888c4d2fb174408e4540bb2d5602b9f507f90 or later). The primary remediation is a simple code change converting the bit shift operand from 'int' to 'unsigned int' in lib/fonts/fonts.c line 139, which eliminates the undefined behavior. Linux distributions should apply this patch through their standard kernel update mechanisms—users should upgrade via their distribution's package manager (apt, yum, dnf, pacman, etc.) to the latest stable kernel version for their supported branch. No interim workarounds are necessary or available, as the vulnerability only manifests during normal driver initialization; however, disabling framebuffer console drivers (if not required for system operation) could prevent triggering the code path. Verify patched kernel versions via kernel.org stable releases or distribution security advisories.