CVE-2022-50676
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() syzbot is reporting lockdep warning at rds_tcp_reset_callbacks() [1], for commit ac3615e7f3cffe2a ("RDS: TCP: Reduce code duplication in rds_tcp_reset_callbacks()") added cancel_delayed_work_sync() into a section protected by lock_sock() without realizing that rds_send_xmit() might call lock_sock(). We don't need to protect cancel_delayed_work_sync() using lock_sock(), for even if rds_{send,recv}_worker() re-queued this work while __flush_work() from cancel_delayed_work_sync() was waiting for this work to complete, retried rds_{send,recv}_worker() is no-op due to the absence of RDS_CONN_UP bit.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-05-07
AI Q&A
2025-12-09
EPSS Evaluated
2026-05-05
NVD
CVE-2022-50676
EUVD
EUVD-2022-55729
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's RDS (Reliable Datagram Sockets) TCP code where a lock (sock lock) was held incorrectly when cancelling delayed work in the function rds_tcp_reset_callbacks(). The issue arose because cancel_delayed_work_sync() was called within a section protected by lock_sock(), but rds_send_xmit() might also call lock_sock(), leading to potential lockdep warnings and improper locking behavior. The fix was to remove the unnecessary lock_sock() protection around cancel_delayed_work_sync() to avoid these locking conflicts.


How can this vulnerability impact me? :

The vulnerability could lead to locking issues in the Linux kernel's RDS TCP code, potentially causing deadlocks or other synchronization problems. This could affect the stability and reliability of network communications using RDS, possibly leading to system hangs or degraded performance.


What immediate steps should I take to mitigate this vulnerability?

Update the Linux kernel to a version that includes the fix for this vulnerability, specifically the commit ac3615e7f3cffe2a which removes the improper use of lock_sock() around cancel_delayed_work_sync() in rds_tcp_reset_callbacks().


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart