CVE-2022-50116

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.18.0

Description A deadlock and link starvation issue in the outgoing data path of the Linux kernel's n gsm implementation has been resolved. The issue occurred due to the hard coupling of the upper and lower layers in the code, leading to potential deadlocks and data channel starvation of the control channel during ldisc congestion. To address this, an additional control channel data queue has been introduced to prevent timeouts and link hangups. The queue is processed with the highest priority in gsm data kick(), and the ldisc data path has been moved to a workqueue to improve performance and reduce latency.

Recommendations For Linux kernel versions prior to 5.18.0, update to version 5.18.0 or later to resolve the issue. As a temporary workaround, consider disabling the gsm data kick() function until a patch is available. Restrict access to the vulnerable n gsm module to minimize the risk of exploitation. Avoid using the tty interface in the affected API endpoint until the issue is resolved.