CVE-2022-50554 — Missing Synchronization in Linux
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 98.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 7
Latest update: Apr 20
Description
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: avoid double ->queue_rq() because of early timeout
David Jeffery found one double ->queue_rq() issue, so far it can
be triggered in VM use case because of long vmexit latency or preempt
latency of vCPU pthread or long page fault in vCPU pthread, then block
IO req could be timed out before queuing the request to hardware but after
calling blk_mq_start_request() during ->queue_rq(), then timeout handler
may handle it by …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages (4 packages)
CVEListV5: linux/linux 12f5b93145450c750f315657ef239a314811aeeb — 7a73c54a3750895888ab586896736c9434e062a1 (+3)
Vulnerability Details (3)
VulDB (2026-04-20)
Linux Kernel up to 6.0.15/6.1.1 driver queue_rq memory corruption (Nessus ID 284764 / WID-SEC-2025-2229)
GHSA (2025-10-07)
GHSA-rmfg-487h-3qfx: In the Linux kernel, the following vulnerability has been resolved:
blk-mq: avoid double ->queue_rq() because of early timeout
David Jeffery found o
OSV (2025-10-07)
CVE-2022-50554: In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double ->queue_rq() because of early timeout David Jeffery found one