CVE-2022-50285: Missing Synchronization in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 95.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 15

Description

In the Linux kernel, the following vulnerability has been resolved:

mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages

The h->*_huge_pages counters are protected by the hugetlb_lock, but alloc_huge_page has a corner case where it can decrement the counter outside of the lock.

This could lead to a corrupted value of h->resv_huge_pages, which we have observed on our systems.

Take the hugetlb_lock before decrementing h->resv_huge_pages to avoid a potential race.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

Source | Package | Versions
NVD | linux/linux_kernel | 4.3.6 4.4 +9
Debian | linux/linux_kernel | < 5.10.158-1 +3
CVEListV5 | linux/linux | a88c769548047b21f76fd71e04b6a3300ff17160 3e50a07b6a5fcd39df1534d3fdaca4292a65efe6 +9
debian | debian/linux | < linux 6.0.6-1 (bookworm)

Patches

Vulnerability Details (2)

OSV (2025-09-15): CVE-2022-50285: In the Linux kernel, the following vulnerability has been resolved: mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages The h->*_huge
GHSA (2025-09-15): GHSA-m6mf-ph7p-75j2: In the Linux kernel, the following vulnerability has been resolved: mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages The h->*_hu

Vendor Advisories (2)

Red Hat (2025-09-15): kernel: mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
Debian (2022): CVE-2022-50285: linux - In the Linux kernel, the following vulnerability has been resolved: mm,hugetlb:...