-
CVE-2022-50534
- EPSS -
- Published 07.10.2025 15:19:23
- Last modified 07.10.2025 16:15:37
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved:
dm thin: Use last transaction's pmd->root when commit failed
Recently we found a softlock up problem in dm thin pool btree lookup
code due to corrupted metadata:
Kernel panic - not syncing: softlockup: hung tasks
CPU: 7 PID: 2669225 Comm: kworker/u16:3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Workqueue: dm-thin do_worker [dm_thin_pool]
Call Trace:
<IRQ>
dump_stack+0x9c/0xd3
panic+0x35d/0x6b9
watchdog_timer_fn.cold+0x16/0x25
__run_hrtimer+0xa2/0x2d0
</IRQ>
RIP: 0010:__relink_lru+0x102/0x220 [dm_bufio]
__bufio_new+0x11f/0x4f0 [dm_bufio]
new_read+0xa3/0x1e0 [dm_bufio]
dm_bm_read_lock+0x33/0xd0 [dm_persistent_data]
ro_step+0x63/0x100 [dm_persistent_data]
btree_lookup_raw.constprop.0+0x44/0x220 [dm_persistent_data]
dm_btree_lookup+0x16f/0x210 [dm_persistent_data]
dm_thin_find_block+0x12c/0x210 [dm_thin_pool]
__process_bio_read_only+0xc5/0x400 [dm_thin_pool]
process_thin_deferred_bios+0x1a4/0x4a0 [dm_thin_pool]
process_one_work+0x3c5/0x730
Following process may generate a broken btree mixed with fresh and
stale btree nodes, which could get dm thin trapped in an infinite loop
while looking up data block:
Transaction 1: pmd->root = A, A->B->C // One path in btree
pmd->root = X, X->Y->Z // Copy-up
Transaction 2: X,Z is updated on disk, Y write failed.
// Commit failed, dm thin becomes read-only.
process_bio_read_only
dm_thin_find_block
__find_block
dm_btree_lookup(pmd->root)
The pmd->root points to a broken btree, Y may contain stale node
pointing to any block, for example X, which gets dm thin trapped into
a dead loop while looking up Z.
Fix this by setting pmd->root in __open_metadata(), so that dm thin
will use the last transaction's pmd->root if commit failed.
Fetch a reproducer in [Link].
Linke: https://bugzilla.kernel.org/show_bug.cgi?id=216790Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
b35a22760aa5008d82533e59b0f0b5eb1b02d4e5
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
87d69b8824ca9b090f5a8ed47f758e8f6eecb871
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
3db757ffdd87ed8d7118b2250236a496502a660f
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
f758987ff0af3a4b5ee69e95cab6a5294e4367b0
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
94f01ecc2aa0be992865acc80ebb6701f731f955
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
4b710e8481ade7c9200e94d3018e99dc42a0a0e8
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
a63ce4eca86fd207e3db07c00fb7ccf4adf1b230
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
b91f481300e3a10eaf66b94fc39b740928762aaf
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
7991dbff6849f67e823b7cc0c15e5a90b0549b9f
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
3.2
Status
affected
Version <
3.2
Version
0
Status
unaffected
Version <=
4.9.*
Version
4.9.337
Status
unaffected
Version <=
4.14.*
Version
4.14.303
Status
unaffected
Version <=
4.19.*
Version
4.19.270
Status
unaffected
Version <=
5.4.*
Version
5.4.229
Status
unaffected
Version <=
5.10.*
Version
5.10.163
Status
unaffected
Version <=
5.15.*
Version
5.15.87
Status
unaffected
Version <=
6.0.*
Version
6.0.18
Status
unaffected
Version <=
6.1.*
Version
6.1.4
Status
unaffected
Version <=
*
Version
6.2
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|