CVE-2022-50498
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-10-04

Last updated on: 2026-01-22

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: eth: alx: take rtnl_lock on resume Zbynek reports that alx trips an rtnl assertion on resume: RTNL: assertion failed at net/core/dev.c (2891) RIP: 0010:netif_set_real_num_tx_queues+0x1ac/0x1c0 Call Trace: <TASK> __alx_open+0x230/0x570 [alx] alx_resume+0x54/0x80 [alx] ? pci_legacy_resume+0x80/0x80 dpm_run_callback+0x4a/0x150 device_resume+0x8b/0x190 async_resume+0x19/0x30 async_run_entry_fn+0x30/0x130 process_one_work+0x1e5/0x3b0 indeed the driver does not hold rtnl_lock during its internal close and re-open functions during suspend/resume. Note that this is not a huge bug as the driver implements its own locking, and does not implement changing the number of queues, but we need to silence the splat.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-04
Last Modified
2026-01-22
Generated
2026-06-16
AI Q&A
2025-10-04
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50498
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.14 (inc) to 5.15.75 (exc)
linux linux_kernel From 5.16 (inc) to 5.19.17 (exc)
linux linux_kernel From 6.0 (inc) to 6.0.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's alx network driver. The issue occurs because the driver does not hold the rtnl_lock during its internal close and re-open functions during suspend and resume operations. This leads to an assertion failure (RTNL: assertion failed at net/core/dev.c) when the system resumes, as the driver trips an rtnl assertion. Although the driver implements its own locking and does not change the number of queues, this missing lock causes the assertion failure that needs to be addressed.

Impact Analysis

The impact of this vulnerability is limited because the driver has its own locking mechanisms and does not change the number of queues. The main issue is that it causes an assertion failure during resume, which could lead to kernel warnings or instability related to the network driver during suspend/resume cycles. It is not considered a major bug but needs to be fixed to prevent these assertion failures.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50498. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart