CVE-2022-50509

5.5 MEDIUM

📋 TL;DR

This CVE is a NULL pointer dereference vulnerability in the Linux kernel's CODA media driver. If exploited, it could cause a kernel panic leading to denial of service. Systems running vulnerable Linux kernel versions with the CODA media driver loaded are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly stated in CVE, but patches exist in stable kernel trees.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the CODA media driver (media: coda) is loaded and active. Many systems may not have this driver loaded by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, potentially requiring physical reboot.

🟠 Likely Case: System crash or instability when processing specific media files through the CODA driver.

🟢 If Mitigated: No impact if the CODA driver is not loaded or the system is patched.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger specific media processing.
🏢 Internal Only: MEDIUM - Could be exploited by malicious users or processes on the system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the specific code path where kmalloc fails and the NULL check is missing. Likely requires crafted media input.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (commits referenced in CVE).

Vendor Advisory: https://git.kernel.org/stable/c/0209e70ad496c1fcd85c2ec70e6736fd09f95d14

Restart Required: Yes

Instructions:

1. Update Linux kernel to a version containing the fix.
2. Check with your distribution for specific kernel updates.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Unload CODA driver

Prevent exploitation by unloading the vulnerable CODA media driver module.

sudo rmmod coda

Blacklist CODA driver

Prevent CODA driver from loading at boot.

echo 'blacklist coda' | sudo tee /etc/modprobe.d/blacklist-coda.conf

🧯 If You Can't Patch

  • Unload or blacklist the CODA media driver module.
  • Restrict user access to media processing tools that might trigger the vulnerable code path.

🔍 How to Verify

Check if Vulnerable:

Check if the CODA driver is loaded:

lsmod | grep coda

If it is loaded and the kernel is unpatched, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or CODA driver is not loaded.
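
The verification steps above combined into one triage script. This is an added example, not code from the advisory or the kernel project. It assumes the module name `coda` used in this page's commands (override with `MODULE=`), it also recognises an `install ... /bin/false` override that the page's blacklist line does not use, and its fixture contents (including the module name `coda_helper`) are constructed.

```shell
#!/bin/sh
# Added example: exposure triage for the module named in this page's commands.
MODULE="${MODULE:-coda}"   # name as used by the page's rmmod/blacklist lines

norm() { printf '%s' "$1" | tr '-' '_'; }   # the kernel lists modules with underscores

# module_loaded FILE NAME: exact match on the first field of a /proc/modules-style
# file, so "coda" does not also match other modules whose names merely contain it.
module_loaded() {
    [ -r "$1" ] || return 1
    awk -v m="$(norm "$2")" '$1 == m { hit = 1 } END { exit !hit }' "$1"
}

# module_blocked DIR NAME: true if a *.conf file in DIR has "blacklist NAME" or an
# "install NAME /bin/false" (or /bin/true) override. blacklist only stops
# alias-based autoloading; the install override also stops an explicit modprobe.
module_blocked() {
    cat "$1"/*.conf 2>/dev/null | awk -v m="$(norm "$2")" '
        /^[ \t]*#/ { next }
        { n = $2; gsub(/-/, "_", n) }
        $1 == "blacklist" && n == m { hit = 1 }
        $1 == "install" && n == m && $3 ~ /\/(false|true)$/ { hit = 1 }
        END { exit !hit }'
}

# exposure_status MODULES_FILE MODPROBE_DIR NAME prints one of:
#   loaded   - module is resident now; a modprobe.d rule does not unload it
#   blocked  - not loaded, and a modprobe.d rule for it is in place
#   loadable - not loaded, but nothing prevents it from being loaded later
exposure_status() {
    if module_loaded "$1" "$3"; then echo loaded
    elif module_blocked "$2" "$3"; then echo blocked
    else echo loadable
    fi
}

# make_sample DIR: constructed fixtures (not captured from a real host).
make_sample() {
    mkdir -p "$1/modprobe.d"
    printf '%s\n' 'coda_helper 16384 0 - Live 0x0' 'videodev 270336 1 coda_helper, Live 0x0' > "$1/modules.other"
    printf '%s\n' 'coda 77824 0 - Live 0x0' > "$1/modules.loaded"
    printf '%s\n' '# constructed' 'blacklist coda' > "$1/modprobe.d/blacklist-coda.conf"
}

# Live host: pair the result with uname -r when checking the distribution's fixed release.
echo "$MODULE: $(exposure_status /proc/modules /etc/modprobe.d "$MODULE") (kernel $(uname -r))"
```

A result of `loaded` or `loadable` means the host depends on the kernel fix; `blocked` covers the workaround case only.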

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • System crash/reboot events

Network Indicators:

  • None - local vulnerability

SIEM Query:

Search for kernel panic events or unexpected system reboots.
