Security readout for executives and security teams
Plain-English summary
This is a Linux kernel issue affecting MIPS systems under specific CPU mask and debug configuration options. Showing /proc/cpuinfo can trigger a kernel runtime warning. The public record does not show privilege escalation, remote attack, data theft, or active exploitation evidence.
Executive priority
Treat as low operational priority unless you operate MIPS Linux fleets or custom kernels. Patch through normal kernel maintenance. Escalation is only justified if warnings disrupt monitoring, compliance evidence, or production stability.
Technical view
The MIPS cpuinfo path iterated CPUs using NR_CPUS instead of the runtime nr_cpu_ids limit. With CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS enabled, that mismatch can trigger cpu_max_bits_warn() while show_cpuinfo reads /proc/cpuinfo. Kernel stable commits correct the iteration bound.
Likely exposure
Exposure appears limited to Linux MIPS kernels, including Loongson-like environments, built with the named configuration combination. Standard non-MIPS systems are not indicated as affected by the provided sources.
Exploitation context
The bundle reports no KEV listing, no CVSS score, no CWE, and no cited active exploitation. The described trigger is local observation of /proc/cpuinfo causing a runtime warning, not a documented weaponized attack path.
Researcher notes
Evidence supports a correctness and warning fix in MIPS /proc/cpuinfo handling. The record lacks impact scoring and exploitation data, so avoid overstating security consequence. Validate affectedness through architecture, kernel config, and inclusion of the stable commits.
Mitigation direction
Update affected Linux kernels through the relevant vendor or stable branch.
For custom kernels, verify the MIPS cpuinfo fix uses nr_cpu_ids.
Check distribution advisories before assuming package-level exposure or fixes.
Avoid debug-only kernel options in production unless operationally required.
Validation and detection
Inventory systems running Linux on MIPS or Loongson hardware.
Review kernel configuration for CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS.
Check kernel version or source against the referenced stable commits.
Review logs for cpu_max_bits_warn() or show_cpuinfo runtime warnings.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-50210 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
10Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Jun 18, 2025, 11:03 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.