Linux Kernel CVE-2022-50518
Severity: HIGH (CVSS 3.1 base score 7.8, NVD)
CVSS vector (NVD): CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
In the Linux kernel, the following vulnerability has been resolved:
parisc: Fix locking in pdc_iodc_print() firmware call
Utilize pdc_lock spinlock to protect parallel modifications of the iodc_dbuf[] buffer, check length to prevent buffer overflow of iodc_dbuf[], drop the iodc_retbuf[] buffer and fix some wrong indentings.
Analysis (AI)
A race condition in the Linux kernel's PA-RISC (parisc) firmware-call helper pdc_iodc_print() lets concurrent callers corrupt the shared iodc_dbuf[] staging buffer, and a missing length check lets a caller write past its end, both of which are kernel memory corruption. NVD scores the issue 7.8 (HIGH) with a local, low-privilege vector (AV:L/PR:L) and full confidentiality, integrity and availability impact; pdc_iodc_print() is the routine that hands kernel console output to the PDC firmware, so an unprivileged user reaches the affected path only indirectly, through kernel code that prints to that console. NVD lists affected versions from 2.6.25 up to the fixed stable releases. With an EPSS score of only 0.01%, the likelihood of exploitation in the wild is very low despite the high CVSS score.
Technical Context (AI)
The bug lives in the PA-RISC (parisc) architecture code of the Linux kernel, in pdc_iodc_print(), the function that passes console output to the Processor Dependent Code (PDC) firmware through its IODC (I/O Dependent Code) interface. The root cause is improper synchronization (CWE-667): the pdc_lock spinlock was not held while iodc_dbuf[], a shared static staging buffer, was being filled, so two CPUs entering the function at the same time could modify the buffer concurrently and hand the firmware a mix of both callers' bytes. The function also did not check the length of the data against the size of iodc_dbuf[] before copying into it, so an oversized write could run past the end of the buffer. As the commit message above states, the fix takes pdc_lock around the buffer fill and the firmware call, clamps the length to the buffer size, and drops the separate iodc_retbuf[] buffer.
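The locking-plus-bounds pattern the fix describes, as an added illustrative example that is not code from the kernel, the commit or this page: a user-space C model in which a shared staging buffer (iodc_dbuf, 16 bytes here by assumption) is filled and handed to a firmware stand-in (fake_iodc_cout, which records what it receives) entirely under one lock (a pthread mutex standing in for pdc_lock), with every write bounds-checked so that even the two-byte expansion of '\n' into "\r\n" cannot run past the end. The buffer size, the stub, the record helpers and the two-writer stress function are all assumptions made for the demo.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model, not kernel code. The buffer size is an assumption chosen
 * small so that truncation and the "\r\n" expansion are easy to exercise. */
#define IODC_DBUF_SZ 16
#define MAX_RECORDS 128

static char iodc_dbuf[IODC_DBUF_SZ];                         /* shared staging buffer */
static pthread_mutex_t pdc_lock = PTHREAD_MUTEX_INITIALIZER; /* stands in for the kernel spinlock */

/* Stand-in for the firmware console call: it records every buffer it is
 * handed so a test can check that no two callers' bytes were mixed. */
struct record { char data[IODC_DBUF_SZ]; unsigned len; };
static struct record records[MAX_RECORDS];
static unsigned nrecords;

static void fake_iodc_cout(const char *buf, unsigned len)
{
    if (nrecords < MAX_RECORDS) {
        memcpy(records[nrecords].data, buf, len);
        records[nrecords].len = len;
        nrecords++;
    }
}

/* Stage up to count bytes of str into iodc_dbuf, translating the first '\n'
 * into "\r\n" and stopping there, then hand the staged bytes to the firmware.
 * Staging and the call both happen under pdc_lock so concurrent callers cannot
 * interleave in the shared buffer, and every write is bounds-checked,
 * including the two-byte newline expansion. Returns input bytes consumed. */
unsigned iodc_print(const char *str, unsigned count)
{
    unsigned i, out = 0;

    pthread_mutex_lock(&pdc_lock);
    for (i = 0; i < count; i++) {
        if (str[i] == '\n') {
            if (out + 2 > IODC_DBUF_SZ)
                break;              /* "\r\n" does not fit: leave '\n' for the next call */
            iodc_dbuf[out++] = '\r';
            iodc_dbuf[out++] = '\n';
            i++;                    /* the newline itself was consumed */
            break;
        }
        if (out + 1 > IODC_DBUF_SZ)
            break;                  /* buffer full: caller resubmits the rest */
        iodc_dbuf[out++] = str[i];
    }
    fake_iodc_cout(iodc_dbuf, out);
    pthread_mutex_unlock(&pdc_lock);
    return i;
}

/* Helpers for inspecting what the firmware stub received. */
unsigned last_record_len(void) { return nrecords ? records[nrecords - 1].len : 0; }
int last_record_is(const char *s, unsigned n)
{
    return nrecords && records[nrecords - 1].len == n &&
           memcmp(records[nrecords - 1].data, s, n) == 0;
}

struct writer { char ch; unsigned reps; };

static void *writer_thread(void *p)
{
    struct writer *w = p;
    char msg[24];                   /* 23 repeated characters plus '\n' (constructed input) */
    memset(msg, w->ch, 23);
    msg[23] = '\n';
    for (unsigned r = 0; r < w->reps; r++) {
        const char *s = msg;
        unsigned left = sizeof msg;
        while (left) {
            unsigned n = iodc_print(s, left);
            if (n == 0) break;      /* cannot happen with a non-empty buffer; defensive */
            s += n;
            left -= n;
        }
    }
    return NULL;
}

/* Run two writers concurrently; return 1 if every buffer handed to the
 * firmware stub holds bytes of only one writer (plus an optional "\r\n"). */
int concurrent_writers_intact(void)
{
    pthread_t t[2];
    struct writer w[2] = { {'A', 20}, {'B', 20} };

    nrecords = 0;
    for (int k = 0; k < 2; k++) pthread_create(&t[k], NULL, writer_thread, &w[k]);
    for (int k = 0; k < 2; k++) pthread_join(t[k], NULL);

    for (unsigned r = 0; r < nrecords; r++) {
        unsigned len = records[r].len, body = len;
        if (len >= 2 && records[r].data[len - 2] == '\r' && records[r].data[len - 1] == '\n')
            body = len - 2;
        if (body == 0) continue;
        char c = records[r].data[0];
        if (c != 'A' && c != 'B') return 0;
        for (unsigned j = 1; j < body; j++)
            if (records[r].data[j] != c) return 0;
    }
    return 1;
}

int main(void)
{
    unsigned consumed = iodc_print("hi\nthere", 8);
    printf("consumed %u bytes, staged %u bytes for the firmware\n", consumed, last_record_len());
    printf("concurrent writers intact: %d\n", concurrent_writers_intact());
    return 0;
}
```

Build with `cc -pthread`. Removing the lock lets the two writers' bytes mix inside a single record, which concurrent_writers_intact() then reports; dropping the `out + 2` check reintroduces a one-byte overrun whenever the input ends in a newline at the last free slot, which is exactly the class of bug the length clamp in the real fix closes.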
Remediation (AI)
Update to a kernel that carries the fix; the stable backports are commits 04a603058e70b8b881bb7860b8bd649f931f2591, 553bc5890ed96a8d006224c3a4673c47fee0d12a and 7236aae5f81f3efbd93d0601e74fc05994bc2580, one per affected branch (each reachable under https://git.kernel.org/stable/c/ followed by the commit hash). Where patching must wait, restrict local access to trusted users and watch for unexplained crashes or oopses associated with console output or firmware calls. Only PA-RISC systems are affected; x86, ARM and other architectures do not contain this code.