DEBIAN-CVE-2022-50699

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2022-50699
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50699.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-50699
Upstream
Published
2025-12-24T11:15:50.050Z
Modified
2025-12-25T11:13:32.358395Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFPKERNEL and GFPATOMIC in convertcontext() The following warning was triggered on a hardware environment: SELinux: Converting 162 SID table entries... BUG: sleeping function called from invalid context at mightsleep+0x60/0x74 0x0 inatomic(): 1, irqsdisabled(): 128, nonblock: 0, pid: 5943, name: tar CPU: 7 PID: 5943 Comm: tar Tainted: P O 5.10.0 #1 Call trace: dumpbacktrace+0x0/0x1c8 showstack+0x18/0x28 dumpstack+0xe8/0x15c mightsleep+0x168/0x17c _mightsleep+0x60/0x74 _kmalloctrackcaller+0xa0/0x7dc kstrdup+0x54/0xac convertcontext+0x48/0x2e4 sidtabcontexttosid+0x1c4/0x36c securitycontexttosidcore+0x168/0x238 securitycontexttosiddefault+0x14/0x24 inodedoinitusexattr+0x164/0x1e4 inodedoinitwithdentry+0x1c0/0x488 selinuxdinstantiate+0x20/0x34 securitydinstantiate+0x70/0xbc dsplicealias+0x4c/0x3c0 ext4lookup+0x1d8/0x200 [ext4] _lookupslow+0x12c/0x1e4 walkcomponent+0x100/0x200 pathlookupat+0x88/0x118 filenamelookup+0x98/0x130 userpathatempty+0x48/0x60 vfsstatx+0x84/0x140 vfsfstatat+0x20/0x30 _sesysnewfstatat+0x30/0x74 _arm64sysnewfstatat+0x1c/0x2c el0svccommon.constprop.0+0x100/0x184 doel0svc+0x1c/0x2c el0svc+0x20/0x34 el0synchandler+0x80/0x17c el0sync+0x13c/0x140 SELinux: Context systemu:objectr:pssprsysloglogt:s0:c0 is not valid (left unmapped). It was found that within a critical section of spinlockirqsave in sidtabcontexttosid(), convertcontext() (hooked by sidtabconvertparams.func) might cause the process to sleep via allocating memory with GFPKERNEL, which is problematic. As Ondrej pointed out [1], convertcontext()/sidtabconvertparams.func has another caller sidtabconverttree(), which is okay with GFPKERNEL. Therefore, fix this problem by adding a gfpt argument for convertcontext()/sidtabconvertparams.func and pass GFPKERNEL/ATOMIC properly in individual callers. [PM: wrap long BUG() output lines, tweak subject line]

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.158-1

Affected versions

5.*
5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50699.json"

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.6-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50699.json"

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.6-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50699.json"

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.6-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50699.json"