CVE-2022-50100

EPSS 0.03%
Veröffentlicht 18.06.2025 11:02:36
Zuletzt bearbeitet 18.06.2025 13:47:40
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

sched/core: Do not requeue task on CPU excluded from cpus_mask

The following warning was triggered on a large machine early in boot on
a distribution kernel but the same problem should also affect mainline.

   WARNING: CPU: 439 PID: 10 at ../kernel/workqueue.c:2231 process_one_work+0x4d/0x440
   Call Trace:
    <TASK>
    rescuer_thread+0x1f6/0x360
    kthread+0x156/0x180
    ret_from_fork+0x22/0x30
    </TASK>

Commit c6e7bd7afaeb ("sched/core: Optimize ttwu() spinning on p->on_cpu")
optimises ttwu by queueing a task that is descheduling on the wakelist,
but does not check if the task descheduling is still allowed to run on that CPU.

In this warning, the problematic task is a workqueue rescue thread which
checks if the rescue is for a per-cpu workqueue and running on the wrong CPU.
While this is early in boot and it should be possible to create workers,
the rescue thread may still used if the MAYDAY_INITIAL_TIMEOUT is reached
or MAYDAY_INTERVAL and on a sufficiently large machine, the rescue
thread is being used frequently.

Tracing confirmed that the task should have migrated properly using the
stopper thread to handle the migration. However, a parallel wakeup from udev
running on another CPU that does not share CPU cache observes p->on_cpu and
uses task_cpu(p), queues the task on the old CPU and triggers the warning.

Check that the wakee task that is descheduling is still allowed to run
on its current CPU and if not, wait for the descheduling to complete
and select an allowed CPU.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 748d2e9585ae53cb6be48e84f93d2f082ae1d135

Version c6e7bd7afaeb3af55ffac122828035f1c01d1d7b

Status affected

Version < fde45283f4c8a91c367ea5f20f87036468755121

Version c6e7bd7afaeb3af55ffac122828035f1c01d1d7b

Status affected

Version < 302f7b0fc337746f41c69eb08522907f6a90c643

Version c6e7bd7afaeb3af55ffac122828035f1c01d1d7b

Status affected

Version < 751d4cbc43879229dbc124afefe240b70fd29a85

Version c6e7bd7afaeb3af55ffac122828035f1c01d1d7b

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.8

Status affected

Version < 5.8

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.61

Status unaffected

Version <= 5.18.*

Version 5.18.18

Status unaffected

Version <= 5.19.*

Version 5.19.2

Status unaffected

Version <= *

Version 6.0

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.056

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/748d2e9585ae53cb6be48e84f93d2f082ae1d135

https://git.kernel.org/stable/c/fde45283f4c8a91c367ea5f20f87036468755121

https://git.kernel.org/stable/c/302f7b0fc337746f41c69eb08522907f6a90c643

https://git.kernel.org/stable/c/751d4cbc43879229dbc124afefe240b70fd29a85

https://nvd.nist.gov/vuln/detail/CVE-2022-50100

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50100

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50100

EUVD