CVE-2022-50555

5.5 MEDIUM

📋 TL;DR

A null pointer dereference vulnerability in the Linux kernel's TIPC (Transparent Inter-Process Communication) subsystem allows local denial of service. When exploited, it causes kernel crashes in systems using TIPC networking. This affects Linux systems with TIPC enabled, typically in clustered or high-availability environments.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with the vulnerable TIPC code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if TIPC networking is enabled and in use. Many distributions don't enable TIPC by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and complete denial of service, requiring physical or remote console access to reboot.

🟠 Likely Case: Local denial of service causing system instability or crashes when TIPC services are manipulated.

🟢 If Mitigated: Minimal impact if TIPC is disabled or systems are properly patched.

🌐 Internet-Facing: LOW - This is a local vulnerability that requires access to the system.
🏢 Internal Only: MEDIUM - Internal users or compromised services could trigger the vulnerability to crash systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Syzbot found and reported the crash. Exploitation requires local access to trigger the race condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commit 24b129aed8730e48f47d852d58d76825ab6f407c or later

Vendor Advisory: https://git.kernel.org/stable/c/24b129aed8730e48f47d852d58d76825ab6f407c

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify TIPC functionality if required.

🔧 Temporary Workarounds

Disable TIPC module (Linux)

Prevent loading of TIPC kernel module if not required

echo 'install tipc /bin/true' >> /etc/modprobe.d/disable-tipc.conf
rmmod tipc

Blacklist TIPC module (Linux)

Blacklist TIPC module to prevent automatic loading

echo 'blacklist tipc' >> /etc/modprobe.d/blacklist-tipc.conf

🧯 If You Can't Patch

  • Disable TIPC functionality if not required for system operation
  • Implement strict access controls to prevent unauthorized local users from accessing TIPC services

🔍 How to Verify

Check if Vulnerable:

Check if TIPC module is loaded: lsmod | grep tipc. If loaded and kernel version is unpatched, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version is patched and TIPC module loads without issues. Monitor system logs for crashes.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN null-ptr-deref errors in dmesg
  • System crashes with tipc_topsrv_accept in stack trace

Network Indicators:

  • Unusual TIPC connection attempts if monitoring network traffic

SIEM Query:

source="kernel" AND ("KASAN: null-ptr-deref" OR "tipc_topsrv_accept" OR "kernel panic")
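
The SIEM query above ORs three terms, so any kernel panic matches it. As an added example (not part of the original advisory), this shell function correlates the two TIPC-specific log indicators: a KASAN null-ptr-deref report with tipc_topsrv_accept in its stack trace. The 40-line window, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. WINDOW is an assumed tuning value:
# how many lines after a KASAN header a stack frame may still be correlated.
WINDOW=40

# Reads kernel log text on stdin and prints one line per KASAN
# null-ptr-deref report that also names tipc_topsrv_accept.
# Returns 0 if at least one report matched, 1 otherwise.
scan_tipc_oops() {
    awk -v window="$WINDOW" '
        /KASAN: null-ptr-deref/ { hdr = $0; left = window + 1 }
        left > 0 {
            left--
            if (/tipc_topsrv_accept/) {
                print "MATCH: " hdr
                hits++
                left = 0
            }
        }
        END { exit (hits > 0 ? 0 : 1) }
    '
}

# Constructed sample: simplified lines shaped like a crash report.
sample_crash() {
    cat <<'EOF'
[  101.000001] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[  101.000002] CPU: 0 PID: 77 Comm: kworker/u4:1 Not tainted
[  101.000003] Call Trace:
[  101.000004]  tipc_topsrv_accept+0x0/0x0
EOF
}

# Constructed sample: a null-ptr-deref elsewhere plus an unrelated TIPC line.
sample_unrelated() {
    cat <<'EOF'
[  200.000001] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  200.000002] Call Trace:
[  200.000003]  example_driver_probe+0x0/0x0
[  300.000001] tipc: Started in single node mode
EOF
}

sample_crash | scan_tipc_oops
sample_unrelated | scan_tipc_oops || echo "no TIPC crash in unrelated sample"
# On a live host: dmesg | scan_tipc_oops   (or journalctl -k | scan_tipc_oops)
```

A match means the host should be checked against the patched commit listed under Official Fix; a null-ptr-deref report without the TIPC frame is left for other triage.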
