
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-50534 is a vulnerability in the Linux kernel's dm thin pool btree lookup code that was discovered and disclosed on October 7, 2025. The issue affects the dm-thin-pool module and can result in a soft lockup caused by corrupted metadata (NVD).
The vulnerability occurs when a transaction partially writes updated nodes and then fails, causing the pointer used for lookups to point into a broken tree. This can result in dm thin becoming trapped in an infinite loop while looking up data blocks. The issue manifests when a broken btree gets mixed with fresh and stale btree nodes during transactions. The vulnerability has a CVSS v3.1 score of 4.7 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) (RedHat).
When exploited, this vulnerability can cause a kernel panic and a system soft lockup, leading to system unavailability. The issue specifically affects the dm thin pool's ability to properly handle btree lookups, which can result in the system becoming trapped in an infinite loop (NVD).
The fix involves setting pmd->root in __open_metadata(), ensuring that dm thin will use the last transaction's pmd->root if a commit fails. As a workaround, users can prevent the dm_thin_pool module from being loaded. For systems where this is not feasible, Red Hat provides instructions on how to blacklist a kernel module to prevent it from loading automatically (RedHat).
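One way to audit and apply the module-blocking workaround described above, as an added example that is not taken from the advisory or from Red Hat. The function names and the file name `disable-dm-thin-pool.conf` are assumptions; the paths are parameters so the checks can be run against copies of the real files.

```shell
#!/bin/sh
# Added example: audit and apply the "do not load dm_thin_pool" workaround.
# Function names and the .conf file name are assumptions, not from the advisory.

MODULE=dm_thin_pool

# Print the module's reference count from a /proc/modules-format file, or
# nothing if it is not loaded. Non-zero means something is using the module.
module_refcount() {
    awk -v m="$MODULE" '$1 == m { print $3 }' "${1:-/proc/modules}"
}

# Succeed only if the modprobe directory both blacklists the module (stops
# alias-based autoload) and overrides "install" (stops an explicit modprobe).
is_blocked() {
    dir="${1:-/etc/modprobe.d}"
    cat "$dir"/*.conf 2>/dev/null | awk -v m="$MODULE" '
        { gsub(/-/, "_", $2) }          # modprobe treats "-" and "_" alike
        $1 == "blacklist" && $2 == m { b = 1 }
        $1 == "install" && $2 == m && $3 ~ /^\/bin\/(false|true)$/ { i = 1 }
        END { exit !(b && i) }'
}

# Write the workaround file into the modprobe directory.
write_block() {
    dir="${1:-/etc/modprobe.d}"
    printf 'blacklist %s\ninstall %s /bin/false\n' "$MODULE" "$MODULE" \
        > "$dir/disable-dm-thin-pool.conf"
}

# Summarise host state as one word: in-use, loaded-idle, blocked or unblocked.
# $1 = /proc/modules-format file, $2 = modprobe.d directory (both optional).
assess() {
    rc=$(module_refcount "$1")
    if [ -n "$rc" ] && [ "$rc" -gt 0 ]; then echo in-use
    elif [ -n "$rc" ]; then echo loaded-idle
    elif is_blocked "$2"; then echo blocked
    else echo unblocked
    fi
}

# Run as "script --assess" to report on the live system.
if [ "${1:-}" = "--assess" ]; then assess; fi
```

A result of `in-use` means the host depends on thin provisioning, so blocking the module is not a feasible workaround there and the kernel update is the remaining option.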
Source: This report was generated using AI