CVE-2022-50426

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's remoteproc subsystem, specifically within the imx dsp rproc component. A race condition can occur where a workqueue executes after the remoteproc has been stopped, leading to access of released resources (rpmsg device and endpoint). This can result in a kernel dump. The issue arises from the improper handling of interrupts and workqueue operations during the shutdown process of the remoteproc. Specifically, the rproc vq interrupt() function may be called after resources it depends on have already been released by rproc stop subdevices(). A mutex protection has been added to imx dsp rproc vq work() to prevent this issue, skipping the call to rproc vq interrupt() if the state is not running. The flush workqueue operation is also deemed unsafe to be called during the remoteproc stop sequence for the same reason.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.