CVE-2022-49998

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.16.0-rc6

Description The issue is related to the rxrpc's sendmsg implementation in the Linux kernel, where three bugs have been identified and fixed. These bugs concern locking mechanisms, specifically the release of the socket lock and the call mutex. Without the fix, a warning about a bad unlock balance can be triggered, potentially leading to issues. The problem arises from the way rxrpc new client call(), rxrpc wait for tx window intr(), and rxrpc send data() handle locking and unlocking, which can lead to a situation where a lock is released without being held.

Recommendations For Linux kernel versions prior to 5.16.0-rc6, update to a version that includes the fix for the rxrpc's sendmsg implementation to resolve the locking issues. As a temporary workaround, consider implementing different locks for sendmsg() and recvmsg() to prevent recvmsg() from waiting for sendmsg(), although this might lead to recvmsg() returning MSG EOR before a sendmsg() to the same call returns.