{ "threat_severity" : "Moderate", "public_date" : "2025-10-01T00:00:00Z", "bugzilla" : { "description" : "kernel: remoteproc: imx_dsp_rproc: Add mutex protection for workqueue", "id" : "2400750", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2400750" }, "cvss3" : { "cvss3_base_score" : "6.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-820", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nremoteproc: imx_dsp_rproc: Add mutex protection for workqueue\nThe workqueue may execute late even after remoteproc is stopped or\nstopping, some resources (rpmsg device and endpoint) have been\nreleased in rproc_stop_subdevices(), then rproc_vq_interrupt()\naccessing these resources will cause kennel dump.\nCall trace:\nvirtqueue_add_split+0x1ac/0x560\nvirtqueue_add_inbuf+0x4c/0x60\nrpmsg_recv_done+0x15c/0x294\nvring_interrupt+0x6c/0xa4\nrproc_vq_interrupt+0x30/0x50\nimx_dsp_rproc_vq_work+0x24/0x40 [imx_dsp_rproc]\nprocess_one_work+0x1d0/0x354\nworker_thread+0x13c/0x470\nkthread+0x154/0x160\nret_from_fork+0x10/0x20\nAdd mutex protection in imx_dsp_rproc_vq_work(), if the state is\nnot running, then just skip calling rproc_vq_interrupt().\nAlso the flush workqueue operation can't be added in rproc stop\nfor the same reason. The call sequence is\nrproc_shutdown\n-> rproc_stop\n->rproc_stop_subdevices\n->rproc->ops->stop()\n->imx_dsp_rproc_stop\n->flush_work\n-> rproc_vq_interrupt\nThe resource needed by rproc_vq_interrupt has been released in\nrproc_stop_subdevices, so flush_work is not safe to be called in\nimx_dsp_rproc_stop." ], "statement" : "This vulnerability requires elevated privileges to trigger (`CAP_SYS_ADMIN`) as it relies on the user being able to stop/restart the DSP or send messages that trigger the virtqueue handler via `remoteproc`.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6583", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-362.8.1.el9_3" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50426\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50426\nhttps://lore.kernel.org/linux-cve-announce/2025100156-CVE-2022-50426-a61b@gregkh/T" ], "name" : "CVE-2022-50426", "csaw" : false }