CVE-2022-50498
Analyzed Analyzed - Analysis Complete

BaseFortify

Vulnerability report for CVE-2022-50498, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-04

Last updated on: 2026-01-22

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: eth: alx: take rtnl_lock on resume Zbynek reports that alx trips an rtnl assertion on resume: RTNL: assertion failed at net/core/dev.c (2891) RIP: 0010:netif_set_real_num_tx_queues+0x1ac/0x1c0 Call Trace: <TASK> __alx_open+0x230/0x570 [alx] alx_resume+0x54/0x80 [alx] ? pci_legacy_resume+0x80/0x80 dpm_run_callback+0x4a/0x150 device_resume+0x8b/0x190 async_resume+0x19/0x30 async_run_entry_fn+0x30/0x130 process_one_work+0x1e5/0x3b0 indeed the driver does not hold rtnl_lock during its internal close and re-open functions during suspend/resume. Note that this is not a huge bug as the driver implements its own locking, and does not implement changing the number of queues, but we need to silence the splat.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-04
Last Modified
2026-01-22
Generated
2026-07-06
AI Q&A
2025-10-04
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.14 (inc) to 5.15.75 (exc)
linux linux_kernel From 5.16 (inc) to 5.19.17 (exc)
linux linux_kernel From 6.0 (inc) to 6.0.3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's alx network driver. The issue occurs because the driver does not hold the rtnl_lock during its internal close and re-open functions during suspend and resume operations. This leads to an assertion failure (RTNL: assertion failed at net/core/dev.c) when the system resumes, as the driver trips an rtnl assertion. Although the driver implements its own locking and does not change the number of queues, this missing lock causes the assertion failure that needs to be addressed.

Impact Analysis

The impact of this vulnerability is limited because the driver has its own locking mechanisms and does not change the number of queues. The main issue is that it causes an assertion failure during resume, which could lead to kernel warnings or instability related to the network driver during suspend/resume cycles. It is not considered a major bug but needs to be fixed to prevent these assertion failures.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50498. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart