{ "threat_severity" : "Moderate", "public_date" : "2025-06-18T00:00:00Z", "bugzilla" : { "description" : "kernel: locking/csd_lock: Change csdlock_debug from early_param to __setup", "id" : "2373532", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373532" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nlocking/csd_lock: Change csdlock_debug from early_param to __setup\nThe csdlock_debug kernel-boot parameter is parsed by the\nearly_param() function csdlock_debug(). If set, csdlock_debug()\ninvokes static_branch_enable() to enable csd_lock_wait feature, which\ntriggers a panic on arm64 for kernels built with CONFIG_SPARSEMEM=y and\nCONFIG_SPARSEMEM_VMEMMAP=n.\nWith CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in\nstatic_key_enable() and returns NULL, resulting in a NULL dereference\nbecause mem_section is initialized only later in sparse_init().\nThis is also a problem for powerpc because early_param() functions\nare invoked earlier than jump_label_init(), also resulting in\nstatic_key_enable() failures. These failures cause the warning \"static\nkey 'xxx' used before call to jump_label_init()\".\nThus, early_param is too early for csd_lock_wait to run\nstatic_branch_enable(), so changes it to __setup to fix these.", "A null pointer dereference exists in the linux kernel such that with CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in\nstatic_key_enable() and returns NULL, resulting in a kernal panic." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50091\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50091\nhttps://lore.kernel.org/linux-cve-announce/2025061800-CVE-2022-50091-fddc@gregkh/T" ], "name" : "CVE-2022-50091", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }