CVE-2022-50569: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50569 is a vulnerability in the Linux kernel's XFRM subsystem, specifically related to the handling of IPComp scratches memory management. The issue was disclosed on October 22, 2025, affecting the Linux kernel's memory management functionality (NVD).

The vulnerability occurs when ipcompallocscratches() fails to allocate memory, causing ipcompscratches to retain an obsolete address. When ipcompfree_scratches() is subsequently called, it attempts to vfree non-existent virtual memory areas. The issue manifests as a double-free or invalid free condition, leading to system warnings or crashes. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (medium) with attack vector being Local, attack complexity Low, and privileges required Low (Red Hat).

The vulnerability can result in a total loss of availability, with the attacker being able to cause system crashes through invalid memory operations. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (Snyk).

The fix involves updating ipcompscratches with NULL when scratches are freed, preventing subsequent attempts to free stale memory. Red Hat has released patches for affected versions: RHEL 8 (kernel-0:4.18.0-477.10.1.el88) and RHEL 9 (kernel-0:5.14.0-284.11.1.el9_2). For RHEL 7, the fix is currently deferred (Red Hat).