CVE-2022-50314
Published: Sep 15, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

nbd: Fix hung when signal interrupts nbd_start_device_ioctl()

syzbot reported a hung task [1]. The following program is a simplified version of the reproducer:

```c
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <linux/nbd.h>

int main(void)
{
	int sv[2], fd;

	/* Socket pair whose first end is handed to the NBD device. */
	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
		return 1;
	if ((fd = open("/dev/nbd0", 0)) < 0)
		return 1;
	if (ioctl(fd, NBD_SET_SIZE_BLOCKS, 0x81) < 0)
		return 1;
	if (ioctl(fd, NBD_SET_SOCK, sv[0]) < 0)
		return 1;
	/* NBD_DO_IT blocks in nbd_start_device_ioctl() until interrupted. */
	if (ioctl(fd, NBD_DO_IT) < 0)
		return 1;
	return 0;
}
```

When a signal interrupts nbd_start_device_ioctl() while it is waiting for the condition atomic_read(&config->recv_threads) == 0, the task can hang because it waits for the completion of the inflight IOs.

This patch fixes the issue by clearing the queue, not just shutting down, when a signal interrupts nbd_start_device_ioctl().
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 5ea8d10802ec4c153a6e21eebaf412e2abd29736 - < 3ba3846cb3e2fb3c6fbf79e998472821b298419e; affected 5ea8d10802ec4c153a6e21eebaf412e2abd29736 - < c7b4641bd2395c2f3cd3b0a0cbf292ed9d489398; affected 5ea8d10802ec4c153a6e21eebaf412e2abd29736 - < 3575949513ea3b387b30dac1e69468a923c86caf; affected 5ea8d10802ec4c153a6e21eebaf412e2abd29736 - < b2700f98b3f4dd19fb4315b70581e5caff89eb49; affected 5ea8d10802ec4c153a6e21eebaf412e2abd29736 - < c0d73be0af8c1310713bc39a8d7a22e35084e14f; +3 more versions |
| Linux | Linux | affected 4.12; unaffected 0 - < 4.12; unaffected 4.14.296 - <= 4.14.*; unaffected 4.19.262 - <= 4.19.*; unaffected 5.4.220 - <= 5.4.*; +5 more versions |
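
To triage a host against the release ranges in the table above, the following added example (not part of the CVE record or the kernel patch) parses the range notation as shown on this page and classifies a `uname -r` string. The function names are hypothetical, and the check assumes the release string reflects the upstream stable version; vendor kernels that backport fixes without changing that number need the vendor's advisory instead.

```python
import re

# Range strings copied from the "4.12" row of the page's version table.
# That row is truncated ("+5 more versions"), so branches it does not show
# are reported as "unknown" rather than guessed.
PAGE_RANGES = [
    "affected 4.12",
    "unaffected 0 - < 4.12",
    "unaffected 4.14.296 - <= 4.14.*",
    "unaffected 4.19.262 - <= 4.19.*",
    "unaffected 5.4.220 - <= 5.4.*",
]

def ver(text):
    """'5.4.219-generic' -> (5, 4, 219); '4.14.*' -> (4, 14)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"not a kernel version: {text!r}")
    return tuple(int(p) for p in m.group().split("."))

def parse_range(line):
    """Return (status, low, op, high, wildcard); op is None for a single version."""
    m = re.fullmatch(r"(\w+) (\S+)(?: - (<=?) (\S+))?", line)
    if not m:
        raise ValueError(f"unrecognised range: {line!r}")
    status, low, op, high = m.groups()
    if op is None:
        return status, ver(low), None, ver(low), False
    return status, ver(low), op, ver(high), high.endswith("*")

def contains(rng, v):
    _, low, op, high, wild = rng
    if op is None:                 # single version, e.g. "affected 4.12"
        return v == low or v == low + (0,)
    if v < low:
        return False
    if wild:                       # "<= 4.14.*": anything later in that branch
        return v[:len(high)] == high
    return v < high if op == "<" else v <= high

def triage(release):
    """Classify a `uname -r` string as affected / unaffected / unknown."""
    v = ver(release)
    ranges = [parse_range(r) for r in PAGE_RANGES]
    for rng in ranges:
        if contains(rng, v):
            return rng[0]
    # Below the fixed release of a branch the page lists: still affected.
    if any(r[4] and v[:len(r[3])] == r[3] for r in ranges):
        return "affected"
    return "unknown"
```
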