CVE-2022-50426
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50426
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50426.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50426
- Downstream
- Published
- 2025-10-01T11:42:05Z
- Modified
- 2025-10-15T02:52:30.815224Z
- Summary
- remoteproc: imx_dsp_rproc: Add mutex protection for workqueue
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: imxdsprproc: Add mutex protection for workqueue
The workqueue may execute late even after remoteproc is stopped or stopping, some resources (rpmsg device and endpoint) have been released in rprocstopsubdevices(), then rprocvqinterrupt() accessing these resources will cause kennel dump.
Call trace: virtqueueaddsplit+0x1ac/0x560 virtqueueaddinbuf+0x4c/0x60 rpmsgrecvdone+0x15c/0x294 vringinterrupt+0x6c/0xa4 rprocvqinterrupt+0x30/0x50 imxdsprprocvqwork+0x24/0x40 [imxdsprproc] processonework+0x1d0/0x354 workerthread+0x13c/0x470 kthread+0x154/0x160 retfromfork+0x10/0x20
Add mutex protection in imxdsprprocvqwork(), if the state is not running, then just skip calling rprocvqinterrupt().
Also the flush workqueue operation can't be added in rproc stop for the same reason. The call sequence is
rprocshutdown -> rprocstop ->rprocstopsubdevices ->rproc->ops->stop() ->imxdsprprocstop ->flushwork -> rprocvqinterrupt
The resource needed by rprocvqinterrupt has been released in rprocstopsubdevices, so flushwork is not safe to be called in imxdsprprocstop.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedec0e5549f3586d2cb99a05edd006d722ebad912cFixed4a3e1fa7a77838617bdbcd95127ce93a959fad44
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedec0e5549f3586d2cb99a05edd006d722ebad912cFixedb9693304b7133b81741add5bfb56f022596df012
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedec0e5549f3586d2cb99a05edd006d722ebad912cFixed47e6ab07018edebf94ce873cf50a05ec76ff2dde
Affected versions
v5.*
v5.15
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.16
v6.0.17
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.2
v6.1.3
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2022-50426-391aa651",
"signature_type": "Function",
"target": {
"file": "drivers/remoteproc/imx_dsp_rproc.c",
"function": "imx_dsp_rproc_stop"
},
"deprecated": false,
"digest": {
"length": 726.0,
"function_hash": "109041616076161892013800566044732070122"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4a3e1fa7a77838617bdbcd95127ce93a959fad44"
},
{
"id": "CVE-2022-50426-58eaa75e",
"signature_type": "Function",
"target": {
"file": "drivers/remoteproc/imx_dsp_rproc.c",
"function": "imx_dsp_rproc_vq_work"
},
"deprecated": false,
"digest": {
"length": 200.0,
"function_hash": "316185458787764825113542629514266994690"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@47e6ab07018edebf94ce873cf50a05ec76ff2dde"
},
{
"id": "CVE-2022-50426-671267a2",
"signature_type": "Function",
"target": {
"file": "drivers/remoteproc/imx_dsp_rproc.c",
"function": "imx_dsp_rproc_vq_work"
},
"deprecated": false,
"digest": {
"length": 200.0,
"function_hash": "316185458787764825113542629514266994690"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9693304b7133b81741add5bfb56f022596df012"
},
{
"id": "CVE-2022-50426-6ba6ab79",
"signature_type": "Line",
"target": {
"file": "drivers/remoteproc/imx_dsp_rproc.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"161983909799124387316198074841990841336",
"131102365320090944357726429402127524081",
"145072722488787424867176051648114671868",
"45077879115571602591725964682573626545",
"28003119952307279637489924438306077087",
"132116189381857797611254450795927144112",
"312639363192262905365190295178850974840",
"287676031523950389817024819615142502827",
"227583499025433173409810861360476642095",
"318347970876999607516713640403971027825"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@47e6ab07018edebf94ce873cf50a05ec76ff2dde"
},
{
"id": "CVE-2022-50426-82de5276",
"signature_type": "Line",
"target": {
"file": "drivers/remoteproc/imx_dsp_rproc.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"161983909799124387316198074841990841336",
"131102365320090944357726429402127524081",
"145072722488787424867176051648114671868",
"45077879115571602591725964682573626545",
"28003119952307279637489924438306077087",
"132116189381857797611254450795927144112",
"312639363192262905365190295178850974840",
"287676031523950389817024819615142502827",
"227583499025433173409810861360476642095",
"318347970876999607516713640403971027825"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4a3e1fa7a77838617bdbcd95127ce93a959fad44"
},
{
"id": "CVE-2022-50426-86f30c2c",
"signature_type": "Function",
"target": {
"file": "drivers/remoteproc/imx_dsp_rproc.c",
"function": "imx_dsp_rproc_stop"
},
"deprecated": false,
"digest": {
"length": 726.0,
"function_hash": "109041616076161892013800566044732070122"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9693304b7133b81741add5bfb56f022596df012"
},
{
"id": "CVE-2022-50426-91d4d4f2",
"signature_type": "Line",
"target": {
"file": "drivers/remoteproc/imx_dsp_rproc.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"161983909799124387316198074841990841336",
"131102365320090944357726429402127524081",
"145072722488787424867176051648114671868",
"45077879115571602591725964682573626545",
"28003119952307279637489924438306077087",
"132116189381857797611254450795927144112",
"312639363192262905365190295178850974840",
"287676031523950389817024819615142502827",
"227583499025433173409810861360476642095",
"318347970876999607516713640403971027825"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9693304b7133b81741add5bfb56f022596df012"
},
{
"id": "CVE-2022-50426-a977c5d0",
"signature_type": "Function",
"target": {
"file": "drivers/remoteproc/imx_dsp_rproc.c",
"function": "imx_dsp_rproc_vq_work"
},
"deprecated": false,
"digest": {
"length": 200.0,
"function_hash": "316185458787764825113542629514266994690"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4a3e1fa7a77838617bdbcd95127ce93a959fad44"
},
{
"id": "CVE-2022-50426-ee5ae909",
"signature_type": "Function",
"target": {
"file": "drivers/remoteproc/imx_dsp_rproc.c",
"function": "imx_dsp_rproc_stop"
},
"deprecated": false,
"digest": {
"length": 726.0,
"function_hash": "109041616076161892013800566044732070122"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@47e6ab07018edebf94ce873cf50a05ec76ff2dde"
}
]
}