CVE-2022-50676

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s RDS (Reliable Datagram Sockets) implementation. Specifically, the issue involves holding a socket lock while cancelling work from the rds tcp reset callbacks() function. The cancel delayed work sync() function was added without recognizing that rds send xmit() might call lock sock(), leading to a lock dependency warning. The vulnerability arises because cancel delayed work sync() is called within a section protected by lock sock(), potentially causing issues if rds send xmit() re-queues the work. However, the re-queued work is a no-op due to the absence of the RDS CONN UP bit.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.