CVE-2022-50350
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between login_work and the login thread In case a malicious initiator sends some random data immediately after a login PDU; the iscsi_target_sk_data_ready() callback will schedule the login_work and, at the same time, the negotiation may end without clearing the LOGIN_FLAGS_INITIAL_PDU flag (because no additional PDU exchanges are required to complete the login). The login has been completed but the login_work function will find the LOGIN_FLAGS_INITIAL_PDU flag set and will never stop from rescheduling itself; at this point, if the initiator drops the connection, the iscsit_conn structure will be freed, login_work will dereference a released socket structure and the kernel crashes. BUG: kernel NULL pointer dereference, address: 0000000000000230 PF: supervisor write access in kernel mode PF: error_code(0x0002) - not-present page Workqueue: events iscsi_target_do_login_rx [iscsi_target_mod] RIP: 0010:_raw_read_lock_bh+0x15/0x30 Call trace: iscsi_target_do_login_rx+0x75/0x3f0 [iscsi_target_mod] process_one_work+0x1e8/0x3c0 Fix this bug by forcing login_work to stop after the login has been completed and the socket callbacks have been restored. Add a comment to clearify the return values of iscsi_target_do_login()
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-16
Last Modified
2025-12-01
Generated
2026-05-07
AI Q&A
2025-09-16
EPSS Evaluated
2026-05-05
NVD
CVE-2022-50350
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 3.12 (inc) to 6.0.16 (exc)
linux linux_kernel From 6.1 (inc) to 6.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a race condition in the Linux kernel's iSCSI target implementation. When a malicious initiator sends random data immediately after a login PDU, the login_work function keeps rescheduling itself due to a flag not being cleared properly. If the initiator then drops the connection, the kernel attempts to access freed memory, causing a NULL pointer dereference and a kernel crash.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference triggered by a malicious iSCSI initiator. This can lead to denial of service on affected systems running the vulnerable kernel.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart