PT-2025-26103 · Linux+3 · Linux Kernel+3
Published: 2022-11-08 · Updated: 2025-06-18
CVE-2022-50177
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.18.0
Description
The Linux kernel has a vulnerability related to RCU priority boosting. This issue can occur in two situations: when the total number of CPUs is higher than those brought online at boot, and when ksoftirqd kthreads are boosted after the creation of rcu_torture_boost() kthreads. This can trigger a failure in RCU priority boosting. The issue can be reproduced with specific configurations, such as running ./kvm.sh with certain options.
Recommendations
For Linux kernel versions prior to 5.18.0, consider updating to a newer version to resolve the issue. As a temporary workaround, consider disabling the rcu_torture_boost() function until a patch is available. Restrict access to the vulnerable ksoftirqd kthreads to minimize the risk of exploitation. Avoid using the rcu_torture_stats_print() function in the affected kernel versions until the issue is resolved.
Related Identifiers
Affected Products
Astra Linux
CentOS
Linux Kernel
Red Hat