CVE-2022-50476
BaseFortify

Publication date: 2025-10-04

Last updated on: 2025-10-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ntb_netdev: Use dev_kfree_skb_any() in interrupt context

TX/RX callback handlers (ntb_netdev_tx_handler(), ntb_netdev_rx_handler()) can be called in interrupt context via the DMA framework when the respective DMA operations have completed. As such, any calls by these routines to free skb's, should use the interrupt context safe dev_kfree_skb_any() function.

Previously, these callback handlers would call the interrupt unsafe version of dev_kfree_skb(). This has not presented an issue on Intel IOAT DMA engines as that driver utilizes tasklets rather than a hard interrupt handler, like the AMD PTDMA DMA driver. On AMD systems, a kernel WARNING message is encountered, which is being issued from skb_release_head_state() due to in_hardirq() being true.

Besides the user visible WARNING from the kernel, the other symptom of this bug was that TCP/IP performance across the ntb_netdev interface was very poor, i.e. approximately an order of magnitude below what was expected.

With the repair to use dev_kfree_skb_any(), kernel WARNINGs from skb_release_head_state() ceased and TCP/IP performance, as measured by iperf, was on par with expected results, approximately 20 Gb/s on AMD Milan based server. Note that this performance is comparable with Intel based servers.

Meta Information
Published: 2025-10-04
Last Modified: 2025-10-06
Generated: 2026-05-07
AI Q&A: 2025-10-04
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: From 5.15.160 (inc) to 5.16 (inc)

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's ntb_netdev network driver where TX/RX callback handlers were incorrectly using an interrupt-unsafe function (dev_kfree_skb()) to free socket buffers (skb) in interrupt context. This misuse caused kernel WARNING messages on AMD systems and degraded TCP/IP network performance. The issue was fixed by switching to the interrupt-safe function dev_kfree_skb_any() in these handlers.


How can this vulnerability impact me?

The vulnerability can cause kernel WARNING messages on AMD systems and significantly reduce TCP/IP network performance across the ntb_netdev interface, resulting in throughput approximately an order of magnitude below expected levels. This can impact network reliability and performance on affected systems.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for kernel WARNING messages related to skb_release_head_state() indicating in_hardirq() is true. Additionally, poor TCP/IP performance across the ntb_netdev interface, significantly below expected throughput (e.g., much less than 20 Gb/s on AMD Milan based servers), can be a symptom. Specific commands to check kernel warnings include: `dmesg | grep skb_release_head_state` or `journalctl -k | grep skb_release_head_state`. Network performance can be tested using tools like `iperf` to measure TCP/IP throughput over the ntb_netdev interface.
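
A plain grep for skb_release_head_state also matches warnings that have nothing to do with ntb_netdev. The following triage helper is an added example, not part of the original page or of the kernel project; it counts only WARNING splats raised from skb_release_head_state() whose call trace passes through one of the ntb_netdev TX/RX handlers named in the description. The function names and the sample log lines are constructed for illustration (offsets, line numbers and the unrelated symbols are placeholders).

```shell
#!/usr/bin/env bash
# Added example: triage kernel logs for the CVE-2022-50476 symptom.
# count_ntb_skb_warnings is a hypothetical helper name, not a kernel tool.

count_ntb_skb_warnings() {
    # Reads kernel log text on stdin; prints the number of WARNING splats
    # issued from skb_release_head_state() with an ntb_netdev handler in the trace.
    awk '
        /WARNING: CPU:/ {                         # header line of a new splat
            in_splat = ($0 ~ /skb_release_head_state/)
            hit = 0
            next
        }
        /---\[ end trace/ { in_splat = 0; next }  # splat finished
        in_splat && !hit && /ntb_netdev_(tx|rx)_handler/ { hit = 1; n++ }
        END { print n + 0 }
    '
}

sample_log() {
    # Constructed log lines: one matching splat, one unrelated warning site,
    # and one skb_release_head_state() warning from a different driver.
    cat <<'EOF'
[  101.000001] WARNING: CPU: 2 PID: 0 at net/core/skbuff.c:0 skb_release_head_state+0x00/0x00
[  101.000002] Call Trace:
[  101.000003]  <IRQ>
[  101.000004]  skb_release_all+0x00/0x00
[  101.000005]  ntb_netdev_tx_handler+0x00/0x00 [ntb_netdev]
[  101.000006] ---[ end trace 0000000000000000 ]---
[  202.000001] WARNING: CPU: 1 PID: 77 at fs/example.c:0 example_fn+0x00/0x00
[  202.000002] Call Trace:
[  202.000003]  ntb_netdev_rx_handler+0x00/0x00 [ntb_netdev]
[  202.000004] ---[ end trace 0000000000000000 ]---
[  303.000001] WARNING: CPU: 0 PID: 0 at net/core/skbuff.c:0 skb_release_head_state+0x00/0x00
[  303.000002] Call Trace:
[  303.000003]  other_driver_irq+0x00/0x00 [other_driver]
[  303.000004] ---[ end trace 0000000000000000 ]---
EOF
}

# Live use: dmesg | count_ntb_skb_warnings   or   journalctl -k | count_ntb_skb_warnings
printf 'matching splats in constructed sample: %s\n' "$(sample_log | count_ntb_skb_warnings)"
```

A non-zero count on a host with the ntb_netdev module loaded points at the unpatched handlers; a zero count does not prove the kernel is patched, since the warning only appears when the DMA driver invokes the callbacks from a hard interrupt handler.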


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to update the Linux kernel to a version where the ntb_netdev driver uses the interrupt context safe function dev_kfree_skb_any() instead of the unsafe dev_kfree_skb() in the TX/RX callback handlers. This update resolves the kernel WARNINGs and restores expected TCP/IP performance. Until the update is applied, monitoring for kernel warnings and performance degradation is advised.

