VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Apr 15, 2026

CVE-2022-50674

CVE-2022-50674

Description

In the Linux kernel, the following vulnerability has been resolved:

riscv: vdso: fix NULL deference in vdso_join_timens() when vfork

Testing tools/testing/selftests/timens/vfork_exec.c got below kernel log:

[ 6.838454] Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000000000020 [ 6.842255] Oops [#1] [ 6.842871] Modules linked in: [ 6.844249] CPU: 1 PID: 64 Comm: vfork_exec Not tainted 6.0.0-rc3-rt15+ #8 [ 6.845861] Hardware name: riscv-virtio,qemu (DT) [ 6.848009] epc : vdso_join_timens+0xd2/0x110 [ 6.850097] ra : vdso_join_timens+0xd2/0x110 [ 6.851164] epc : ffffffff8000635c ra : ffffffff8000635c sp : ff6000000181fbf0 [ 6.852562] gp : ffffffff80cff648 tp : ff60000000fdb700 t0 : 3030303030303030 [ 6.853852] t1 : 0000000000000030 t2 : 3030303030303030 s0 : ff6000000181fc40 [ 6.854984] s1 : ff60000001e6c000 a0 : 0000000000000010 a1 : ffffffff8005654c [ 6.856221] a2 : 00000000ffffefff a3 : 0000000000000000 a4 : 0000000000000000 [ 6.858114] a5 : 0000000000000000 a6 : 0000000000000008 a7 : 0000000000000038 [ 6.859484] s2 : ff60000001e6c068 s3 : ff6000000108abb0 s4 : 0000000000000000 [ 6.860751] s5 : 0000000000001000 s6 : ffffffff8089dc40 s7 : ffffffff8089dc38 [ 6.862029] s8 : ffffffff8089dc30 s9 : ff60000000fdbe38 s10: 000000000000005e [ 6.863304] s11: ffffffff80cc3510 t3 : ffffffff80d1112f t4 : ffffffff80d1112f [ 6.864565] t5 : ffffffff80d11130 t6 : ff6000000181fa00 [ 6.865561] status: 0000000000000120 badaddr: 0000000000000020 cause: 000000000000000d [ 6.868046] [] timens_commit+0x38/0x11a [ 6.869089] [] timens_on_fork+0x72/0xb4 [ 6.870055] [] begin_new_exec+0x3c6/0x9f0 [ 6.871231] [] load_elf_binary+0x628/0x1214 [ 6.872304] [] bprm_execve+0x1f2/0x4e4 [ 6.873243] [] do_execveat_common+0x16e/0x1ee [ 6.874258] [] sys_execve+0x3c/0x48 [ 6.875162] [] ret_from_syscall+0x0/0x2 [ 6.877484] ---[ end trace 0000000000000000 ]---

This is because the mm->context.vdso_info is NULL in vfork case. From another side, mm->context.vdso_info either points to vdso info for RV64 or vdso info for compat, there's no need to bloat riscv's mm_context_t, we can handle the difference when setup the additional page for vdso.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in the Linux kernel's RISC-V vDSO time namespace handling can be triggered during vfork, leading to a local user may cause a denial of service.

Vulnerability

CVE-2022-50674 is a NULL pointer dereference vulnerability in the Linux kernel's RISC-V architecture, specifically in the vdso_join_timens() function. The bug occurs when a process performs a vfork() followed by an execve() while time namespaces are in use. During the fork. The vdso_join_timens() does not properly handle the case where the vDSO data pointer is NULL, leading to a kernel crash. The issue was discovered through the tools/testing/selftests/timens/vfork_exec.c` test, which triggers the condition and results in an 'Unable to handle kernel access to user memory without uaccess routines' Oops.

Exploitation

An attacker with local access to a RISC-V system can exploit this vulnerability by executing a specially crafted program that performs a vfork() and then immediately calls execve() while time namespaces are active. No special privileges are required beyond the ability to run user-space code. The attack surface is limited to systems running a vulnerable kernel version (6.0.0-rc3-rt15+ and likely earlier) on RISC-V hardware.

Impact

Successful exploitation causes a kernel NULL pointer dereference, leading to a system crash (denial of service). The kernel log shows the crash occurs in vdso_join_timens() called from timens_on_fork() during begin_new_exec(). There is no evidence of privilege escalation or arbitrary code execution from the available information.

Mitigation

The vulnerability is fixed in Linux kernel commits [1] and [2]. Users should update to a kernel version containing these patches. No workaround is documented; the fix ensures that vdso_join_timens_self pointer is properly checked before dereference.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

3
df30c4feba51
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
f2419a6fbb4c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
a8616d2dc193
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.