LiveActive security incident?Get immediate response
CVE Record

CVE-2022-50210: MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

In the Linux kernel, the following vulnerability has been resolved: MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] Modules linked in: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052 [ 3.084034] Hardware name: Loongson Loongson-3A4000-7A1000-1w-V0.1-CRB/Loongson-LS3A4000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27 [ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa [ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000 [ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Call Trace: [ 3.203941] [<98000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9800000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<980000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9800000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9800000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<98000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<98000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<98000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<98000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9800000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9800000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ end trace 8b484262b4b8c24c ]---

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel issue affecting MIPS systems under specific CPU mask and debug configuration options. Showing /proc/cpuinfo can trigger a kernel runtime warning. The public record does not show privilege escalation, remote attack, data theft, or active exploitation evidence.

Executive priority

Treat as low operational priority unless you operate MIPS Linux fleets or custom kernels. Patch through normal kernel maintenance. Escalation is only justified if warnings disrupt monitoring, compliance evidence, or production stability.

Technical view

The MIPS cpuinfo path iterated CPUs using NR_CPUS instead of the runtime nr_cpu_ids limit. With CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS enabled, that mismatch can trigger cpu_max_bits_warn() while show_cpuinfo reads /proc/cpuinfo. Kernel stable commits correct the iteration bound.

Likely exposure

Exposure appears limited to Linux MIPS kernels, including Loongson-like environments, built with the named configuration combination. Standard non-MIPS systems are not indicated as affected by the provided sources.

Exploitation context

The bundle reports no KEV listing, no CVSS score, no CWE, and no cited active exploitation. The described trigger is local observation of /proc/cpuinfo causing a runtime warning, not a documented weaponized attack path.

Researcher notes

Evidence supports a correctness and warning fix in MIPS /proc/cpuinfo handling. The record lacks impact scoring and exploitation data, so avoid overstating security consequence. Validate affectedness through architecture, kernel config, and inclusion of the stable commits.

Mitigation direction

  • Update affected Linux kernels through the relevant vendor or stable branch.
  • For custom kernels, verify the MIPS cpuinfo fix uses nr_cpu_ids.
  • Check distribution advisories before assuming package-level exposure or fixes.
  • Avoid debug-only kernel options in production unless operationally required.

Validation and detection

  • Inventory systems running Linux on MIPS or Loongson hardware.
  • Review kernel configuration for CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS.
  • Check kernel version or source against the referenced stable commits.
  • Review logs for cpu_max_bits_warn() or show_cpuinfo runtime warnings.
Prepared
Confidence
medium
Sources
11

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-50210 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
10Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxae7a47e72e1a0b5e2b46d1596bc2c22942a73023, ae7a47e72e1a0b5e2b46d1596bc2c22942a73023, ae7a47e72e1a0b5e2b46d1596bc2c22942a73023, ae7a47e72e1a0b5e2b46d1596bc2c22942a73023, ae7a47e72e1a0b5e2b46d1596bc2c22942a73023, ae7a47e72e1a0b5e2b46d1596bc2c22942a73023, ae7a47e72e1a0b5e2b46d1596bc2c22942a73023, ae7a47e72e1a0b5e2b46d1596bc2c22942a73023, ae7a47e72e1a0b5e2b46d1596bc2c22942a73023unaffected
LinuxLinux2.6.29, 0, 4.9.326, 4.14.291, 4.19.256, 5.4.211, 5.10.137, 5.15.61, 5.18.18, 5.19.2, 6.0affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.