CVE-2022-50498
BaseFortify
Publication date: 2025-10-04
Last updated on: 2026-01-22
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.14 (inc) to 5.15.75 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 5.19.17 (exc) |
| linux | linux_kernel | From 6.0 (inc) to 6.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's alx network driver. The issue occurs because the driver does not hold the rtnl_lock during its internal close and re-open functions during suspend and resume operations. This leads to an assertion failure (RTNL: assertion failed at net/core/dev.c) when the system resumes, as the driver trips an rtnl assertion. Although the driver implements its own locking and does not change the number of queues, this missing lock causes the assertion failure that needs to be addressed.
How can this vulnerability impact me? :
The impact of this vulnerability is limited because the driver has its own locking mechanisms and does not change the number of queues. The main issue is that it causes an assertion failure during resume, which could lead to kernel warnings or instability related to the network driver during suspend/resume cycles. It is not considered a major bug but needs to be fixed to prevent these assertion failures.