CVE-2022-50676: Deadlock in Linux

CWE-833: Deadlock (6 documents, 5 sources)

Severity: 4.7 MEDIUM (No vector)
EPSS: 0.1% (top 80.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()

syzbot is reporting lockdep warning at rds_tcp_reset_callbacks() [1], for commit ac3615e7f3cffe2a ("RDS: TCP: Reduce code duplication in rds_tcp_reset_callbacks()") added cancel_delayed_work_sync() into a section protected by lock_sock() without realizing that rds_send_xmit() might call lock_sock().

We don't need to protect cancel_delayed_work_

Affected Packages (4 packages)

Linux | linux/linux_kernel | 4.8.0 | 4.9.331 | +7
Debian | linux/linux_kernel | < 5.10.158-1 | +3
CVEListV5 | linux/linux | ac3615e7f3cffe2a1a6b25172dfd09e138593d82 | 5d2ba255e93211e541373469dffbda7c99dfa0e5 | +9
debian | debian/linux | < linux 6.0.3-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA (2025-12-09): GHSA-3p2f-fj9w-3jg5: In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks(
OSV (2025-12-09): net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
OSV (2025-12-09): CVE-2022-50676: In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()

📋 Vendor Advisories (2)

Red Hat (2025-12-09): kernel: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
Debian (2022): CVE-2022-50676: linux - In the Linux kernel, the following vulnerability has been resolved: net: rds: d...