CVE-2022-50350

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists between the login work function and the login thread in the iSCSI target implementation. A malicious initiator sending data immediately after a login PDU can cause the iscsi target sk data ready() callback to schedule login work. If negotiation completes without clearing the LOGIN FLAGS INITIAL PDU flag, login work will repeatedly reschedule itself. Subsequently, if the initiator terminates the connection, a NULL pointer dereference occurs when login work attempts to access a freed socket structure, leading to a kernel crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

AZL-71155

BDU:2026-06038

CESA-2023_2951

CVE-2022-50350

OESA-2025-2406

OESA-2025-2407

OESA-2025-2408

RHSA-2023:2458

RHSA-2023:2951

RHSA-2023_2458

RHSA-2023_2951

SUSE-SU-2025:4189-1

Affected Products

Centos

Debian

Linux Kernel

Red Hat

Suse

CVE-2022-50350

Weakness Enumeration

Related Identifiers

Affected Products

References · 357