Security readout for executives and security teams
Plain-English summary
This Linux kernel issue can cause a boot-time kernel warning/oops on systems whose ACPI FPDT firmware table contains invalid physical addresses. The public record ties it to a specific hardware/firmware condition, not a remote attack path. Business urgency is mainly for fleets using affected kernel versions on problematic firmware or embedded/legacy devices.
Executive priority
Handle through normal kernel maintenance unless affected devices show boot failures or instability. Escalate for critical systems on listed kernel versions with legacy hardware or firmware anomalies. There is no sourced evidence of active exploitation or remote compromise.
Technical view
The ACPI FPDT initialization path called acpi_os_map_memory() before validating a physical address. If firmware supplied an address outside the CPU-supported physical address range, ioremap could WARN and oops during early boot. The fix adds physical address validation before mapping. References point to Linux stable commits addressing the issue.
Likely exposure
Exposure appears limited to Linux systems running affected kernel versions where firmware exposes malformed FPDT physical addresses. The source bundle lists Linux kernel versions including 5.12, 5.15.75, 5.19.17, 6.0.3, and 6.1 as affected, but distribution-specific status must be confirmed.
Exploitation context
No CISA KEV listing is indicated, and the supplied sources do not report active exploitation. Triggering depends on ACPI firmware table contents during boot. The documented impact is an oops/stacktrace, suggesting availability or boot stability risk rather than remote compromise.
Researcher notes
The record lacks CVSS, CWE, and detailed affected range semantics. The key condition is malformed FPDT data with high physical address bits outside CPU range. Validate distro backports rather than relying only on upstream version numbers, because Linux vendors often patch without changing major kernel version.
Mitigation direction
Check vendor or distribution advisories for CVE-2022-50320 kernel updates.
Upgrade to a kernel containing the referenced Linux stable fixes.
Prioritize legacy or embedded systems with unusual ACPI firmware behavior.
If patching is delayed, monitor boot stability on affected hardware classes.
Validation and detection
Inventory Linux kernel versions across managed systems.
Compare installed kernels against vendor advisories for this CVE.
Review boot logs for FPDT, ioremap, invalid physical address, or oops messages.
Confirm the running kernel includes the referenced upstream fix commits.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-50320 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
5Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Sep 15, 2025, 14:48 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.