{
  "threat_severity" : "Moderate",
  "public_date" : "2025-09-17T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: skmsg: pass gfp argument to alloc_sk_msg()",
    "id" : "2396129",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2396129"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-767",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nskmsg: pass gfp argument to alloc_sk_msg()\nsyzbot found that alloc_sk_msg() could be called from a\nnon sleepable context. sk_psock_verdict_recv() uses\nrcu_read_lock() protection.\nWe need the callers to pass a gfp_t argument to avoid issues.\nsyzbot report was:\nBUG: sleeping function called from invalid context at include/linux/sched/mm.h:274\nin_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3613, name: syz-executor414\npreempt_count: 0, expected: 0\nRCU nest depth: 1, expected: 0\nINFO: lockdep is turned off.\nCPU: 0 PID: 3613 Comm: syz-executor414 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nCall Trace:\n<TASK>\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106\n__might_resched+0x538/0x6a0 kernel/sched/core.c:9877\nmight_alloc include/linux/sched/mm.h:274 [inline]\nslab_pre_alloc_hook mm/slab.h:700 [inline]\nslab_alloc_node mm/slub.c:3162 [inline]\nslab_alloc mm/slub.c:3256 [inline]\nkmem_cache_alloc_trace+0x59/0x310 mm/slub.c:3287\nkmalloc include/linux/slab.h:600 [inline]\nkzalloc include/linux/slab.h:733 [inline]\nalloc_sk_msg net/core/skmsg.c:507 [inline]\nsk_psock_skb_ingress_self+0x5c/0x330 net/core/skmsg.c:600\nsk_psock_verdict_apply+0x395/0x440 net/core/skmsg.c:1014\nsk_psock_verdict_recv+0x34d/0x560 net/core/skmsg.c:1201\ntcp_read_skb+0x4a1/0x790 net/ipv4/tcp.c:1770\ntcp_rcv_established+0x129d/0x1a10 net/ipv4/tcp_input.c:5971\ntcp_v4_do_rcv+0x479/0xac0 net/ipv4/tcp_ipv4.c:1681\nsk_backlog_rcv include/net/sock.h:1109 [inline]\n__release_sock+0x1d8/0x4c0 net/core/sock.c:2906\nrelease_sock+0x5d/0x1c0 net/core/sock.c:3462\ntcp_sendmsg+0x36/0x40 net/ipv4/tcp.c:1483\nsock_sendmsg_nosec net/socket.c:714 [inline]\nsock_sendmsg net/socket.c:734 [inline]\n__sys_sendto+0x46d/0x5f0 net/socket.c:2117\n__do_sys_sendto net/socket.c:2129 [inline]\n__se_sys_sendto net/socket.c:2125 [inline]\n__x64_sys_sendto+0xda/0xf0 net/socket.c:2125\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd", "A denial of service exists in the pass gfp argument to alloc_sk_msg() of the linux kernel, such that an attacker creating a specially crafted payload could result in damage to system availability." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50363\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50363\nhttps://lore.kernel.org/linux-cve-announce/2025091715-CVE-2022-50363-7e9b@gregkh/T" ],
  "name" : "CVE-2022-50363",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria, comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}