CVE-2022-50676
- Source
- https://cve.org/CVERecord?id=CVE-2022-50676
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50676.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50676
- Downstream
- Related
- Published
- 2025-12-09T01:29:29.166Z
- Modified
- 2026-04-02T08:28:42.130764Z
- Summary
- net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: rds: don't hold sock lock when cancelling work from rdstcpreset_callbacks()
syzbot is reporting lockdep warning at rdstcpresetcallbacks() [1], for commit ac3615e7f3cffe2a ("RDS: TCP: Reduce code duplication in rdstcpresetcallbacks()") added canceldelayedworksync() into a section protected by locksock() without realizing that rdssendxmit() might call lock_sock().
We don't need to protect canceldelayedworksync() using locksock(), for even if rds_{send,recv}_worker() re-queued this work while flushwork() from canceldelayedworksync() was waiting for this work to complete, retried rds{send,recv}worker() is no-op due to the absence of RDSCONNUP bit.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50676.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/2425007c0967a7c04b0dee7cce05ecf0ca869ad1
- https://git.kernel.org/stable/c/30bfa5aa7228eb1e67663d67e553627e572cc717
- https://git.kernel.org/stable/c/360aa7219285fac63dab99706a16f2daf3222abe
- https://git.kernel.org/stable/c/5d2ba255e93211e541373469dffbda7c99dfa0e5
- https://git.kernel.org/stable/c/a91b750fd6629354460282bbf5146c01b05c4859
- https://git.kernel.org/stable/c/afe7053c390fe8ff27d0c2ceaece5625283044ba
- https://git.kernel.org/stable/c/c380c28ab9b15fc53565909c814f6dd3e7f77c4b
- https://git.kernel.org/stable/c/da349221c4d2d4ac5f606c1c3b36d4ef0b3e6a0c
- https://git.kernel.org/stable/c/e3cb25d3ad08f5dbd53ce2b31720cad529944322
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50676.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-50676
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedac3615e7f3cffe2a1a6b25172dfd09e138593d82Fixed5d2ba255e93211e541373469dffbda7c99dfa0e5Fixed2425007c0967a7c04b0dee7cce05ecf0ca869ad1Fixede3cb25d3ad08f5dbd53ce2b31720cad529944322Fixed360aa7219285fac63dab99706a16f2daf3222abeFixedda349221c4d2d4ac5f606c1c3b36d4ef0b3e6a0cFixed30bfa5aa7228eb1e67663d67e553627e572cc717Fixedc380c28ab9b15fc53565909c814f6dd3e7f77c4bFixedafe7053c390fe8ff27d0c2ceaece5625283044baFixeda91b750fd6629354460282bbf5146c01b05c4859
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.8.0Fixed4.9.331
- Type
- ECOSYSTEM
- Events
-
Introduced4.10.0Fixed4.14.296
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.262
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.220
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.150
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.75
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed5.19.17
- Type
- ECOSYSTEM
- Events
-
Introduced5.20.0Fixed6.0.3