CVE-2022-50426

EPSS 0.02%
Published 01.10.2025 12:15:34
Last modified 02.10.2025 19:12:17
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

remoteproc: imx_dsp_rproc: Add mutex protection for workqueue

The workqueue may execute late even after remoteproc is stopped or
stopping, some resources (rpmsg device and endpoint) have been
released in rproc_stop_subdevices(), then rproc_vq_interrupt()
accessing these resources will cause kennel dump.

Call trace:
 virtqueue_add_split+0x1ac/0x560
 virtqueue_add_inbuf+0x4c/0x60
 rpmsg_recv_done+0x15c/0x294
 vring_interrupt+0x6c/0xa4
 rproc_vq_interrupt+0x30/0x50
 imx_dsp_rproc_vq_work+0x24/0x40 [imx_dsp_rproc]
 process_one_work+0x1d0/0x354
 worker_thread+0x13c/0x470
 kthread+0x154/0x160
 ret_from_fork+0x10/0x20

Add mutex protection in imx_dsp_rproc_vq_work(), if the state is
not running, then just skip calling rproc_vq_interrupt().

Also the flush workqueue operation can't be added in rproc stop
for the same reason. The call sequence is

rproc_shutdown
-> rproc_stop
   ->rproc_stop_subdevices
   ->rproc->ops->stop()
     ->imx_dsp_rproc_stop
       ->flush_work
         -> rproc_vq_interrupt

The resource needed by rproc_vq_interrupt has been released in
rproc_stop_subdevices, so flush_work is not safe to be called in
imx_dsp_rproc_stop.

Affected products Warnungen 0 Metrics 1 CWE 0 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 4a3e1fa7a77838617bdbcd95127ce93a959fad44

Version ec0e5549f3586d2cb99a05edd006d722ebad912c

Status affected

Version < b9693304b7133b81741add5bfb56f022596df012

Version ec0e5549f3586d2cb99a05edd006d722ebad912c

Status affected

Version < 47e6ab07018edebf94ce873cf50a05ec76ff2dde

Version ec0e5549f3586d2cb99a05edd006d722ebad912c

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.16

Status affected

Version < 5.16

Version 0

Status unaffected

Version <= 6.0.*

Version 6.0.18

Status unaffected

Version <= 6.1.*

Version 6.1.4

Status unaffected

Version <= *

Version 6.2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.044

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/47e6ab07018edebf94ce873cf50a05ec76ff2dde

https://git.kernel.org/stable/c/4a3e1fa7a77838617bdbcd95127ce93a959fad44

https://git.kernel.org/stable/c/b9693304b7133b81741add5bfb56f022596df012

https://nvd.nist.gov/vuln/detail/CVE-2022-50426

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50426

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50426

EUVD