CVE-2022-50314
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-04
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | Up to 4.14.296 (exc) |
| linux | linux_kernel | From 4.15 (inc) to 4.19.262 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.220 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.150 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.75 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 5.19.17 (exc) |
| linux | linux_kernel | From 6.0 (inc) to 6.0.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a hang in the Linux kernel's Network Block Device (nbd) subsystem. When a signal interrupts nbd_start_device_ioctl() while it is waiting for recv_threads to reach zero, the task can hang because it then waits indefinitely for in-flight I/O to complete. The cause is that the signal-interrupt path only shuts down and does not clear the queue. The fix clears the queue on signal interrupt, which prevents the hang.
How can this vulnerability impact me?
This vulnerability can cause the affected Linux system to hang or become unresponsive when using the nbd subsystem under certain conditions involving signal interrupts. This can lead to denial of service or system instability, impacting availability of services relying on nbd devices.