CVE-2022-50314

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix hung when signal interrupts nbd_start_device_ioctl() syzbot reported hung task [1]. The following program is a simplified version of the reproducer: int main(void) { int sv[2], fd; if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 1; if ((fd = open("/dev/nbd0", 0)) < 0) return 1; if (ioctl(fd, NBD_SET_SIZE_BLOCKS, 0x81) < 0) return 1; if (ioctl(fd, NBD_SET_SOCK, sv[0]) < 0) return 1; if (ioctl(fd, NBD_DO_IT) < 0) return 1; return 0; } When signal interrupt nbd_start_device_ioctl() waiting the condition atomic_read(&config->recv_threads) == 0, the task can hung because it waits the completion of the inflight IOs. This patch fixes the issue by clearing queue, not just shutdown, when signal interrupt nbd_start_device_ioctl().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1de7c3cf48fc41cd95adb12bd1ea9033a917798a	Patch
https://git.kernel.org/stable/c/3575949513ea3b387b30dac1e69468a923c86caf	Patch
https://git.kernel.org/stable/c/35fb7d4a53d9e36d1b91161ea9870d9c6d57dccf	Patch
https://git.kernel.org/stable/c/3ba3846cb3e2fb3c6fbf79e998472821b298419e	Patch
https://git.kernel.org/stable/c/62006a72b05e0d38727eef5188700f2488be5e89	Patch
https://git.kernel.org/stable/c/b2700f98b3f4dd19fb4315b70581e5caff89eb49	Patch
https://git.kernel.org/stable/c/c0d73be0af8c1310713bc39a8d7a22e35084e14f	Patch
https://git.kernel.org/stable/c/c7b4641bd2395c2f3cd3b0a0cbf292ed9d489398	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-09-15 15:15

Updated : 2025-12-04 15:22

NVD link : CVE-2022-50314

Mitre link : CVE-2022-50314

CVE.ORG link : CVE-2022-50314

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-50314", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-09-15T15:15:43.247", "references": [{"url": "https://git.kernel.org/stable/c/1de7c3cf48fc41cd95adb12bd1ea9033a917798a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3575949513ea3b387b30dac1e69468a923c86caf", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/35fb7d4a53d9e36d1b91161ea9870d9c6d57dccf", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3ba3846cb3e2fb3c6fbf79e998472821b298419e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/62006a72b05e0d38727eef5188700f2488be5e89", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b2700f98b3f4dd19fb4315b70581e5caff89eb49", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c0d73be0af8c1310713bc39a8d7a22e35084e14f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c7b4641bd2395c2f3cd3b0a0cbf292ed9d489398", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: Fix hung when signal interrupts nbd_start_device_ioctl()\n\nsyzbot reported hung task [1]. The following program is a simplified\nversion of the reproducer:\n\nint main(void)\n{\n\tint sv[2], fd;\n\n\tif (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)\n\t\treturn 1;\n\tif ((fd = open(\"/dev/nbd0\", 0)) < 0)\n\t\treturn 1;\n\tif (ioctl(fd, NBD_SET_SIZE_BLOCKS, 0x81) < 0)\n\t\treturn 1;\n\tif (ioctl(fd, NBD_SET_SOCK, sv[0]) < 0)\n\t\treturn 1;\n\tif (ioctl(fd, NBD_DO_IT) < 0)\n\t\treturn 1;\n\treturn 0;\n}\n\nWhen signal interrupt nbd_start_device_ioctl() waiting the condition\natomic_read(&config->recv_threads) == 0, the task can hung because it\nwaits the completion of the inflight IOs.\n\nThis patch fixes the issue by clearing queue, not just shutdown, when\nsignal interrupt nbd_start_device_ioctl()."}], "lastModified": "2025-12-04T15:22:06.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C71AA4D8-A0D5-45D7-A420-247193B5BED7", "versionEndExcluding": "4.14.296"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6B62970-1FAD-4ED6-930A-23E26A8D2E08", "versionEndExcluding": "4.19.262", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "125F7133-B3B7-4175-8CF3-FF0845483254", "versionEndExcluding": "5.4.220", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C495821C-2A71-4F09-BED8-6A6EB4C9BA27", "versionEndExcluding": "5.10.150", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D945F46-F32F-4C09-8400-C3477E22A9FB", "versionEndExcluding": "5.15.75", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19B4C3A4-E5C3-41DC-BB14-BE72858E7D35", "versionEndExcluding": "5.19.17", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BCD8201-B847-4442-B894-70D430128DEF", "versionEndExcluding": "6.0.3", "versionStartIncluding": "6.0"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}