CVE-2022-50512: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50512 is a vulnerability in the Linux kernel's ext4 filesystem component, discovered and disclosed on October 7, 2025. The vulnerability specifically affects the ext4fcrecordregions() function, where a potential memory leak can occur when krealloc returns NULL, leading to state->fcregions memory not being properly freed (NVD).

The vulnerability occurs in the ext4 filesystem's fast commit feature where the ext4fcrecordregions() function improperly handles memory allocation. When krealloc returns NULL, the state->fcregions memory is not freed properly because state->fc_regions is already set to NULL. This results in a memory leak condition. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access required with low complexity (Red Hat).

The primary impact of this vulnerability is a memory leak in the Linux kernel's ext4 filesystem component. While this does not lead to direct system compromise, it can result in system resource degradation over time as memory is not properly freed, potentially affecting system availability (Red Hat).

The vulnerability has been fixed in various Linux distributions. Ubuntu has released fixes in version 5.15.0-60.66 for Ubuntu 22.04 LTS and version 5.15.0-60.66~20.04.1 for Ubuntu 20.04 LTS. Red Hat has addressed the issue in Red Hat Enterprise Linux 9 with kernel version 5.14.0-284.11.1.el9_2 (Ubuntu, Red Hat).