fkie_cve-2022-50363
Vulnerability from fkie_nvd
Published
2025-09-17 15:15
Modified
2025-09-18 13:43
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
skmsg: pass gfp argument to alloc_sk_msg()
syzbot found that alloc_sk_msg() could be called from a
non sleepable context. sk_psock_verdict_recv() uses
rcu_read_lock() protection.
We need the callers to pass a gfp_t argument to avoid issues.
syzbot report was:
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3613, name: syz-executor414
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
INFO: lockdep is turned off.
CPU: 0 PID: 3613 Comm: syz-executor414 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
__might_resched+0x538/0x6a0 kernel/sched/core.c:9877
might_alloc include/linux/sched/mm.h:274 [inline]
slab_pre_alloc_hook mm/slab.h:700 [inline]
slab_alloc_node mm/slub.c:3162 [inline]
slab_alloc mm/slub.c:3256 [inline]
kmem_cache_alloc_trace+0x59/0x310 mm/slub.c:3287
kmalloc include/linux/slab.h:600 [inline]
kzalloc include/linux/slab.h:733 [inline]
alloc_sk_msg net/core/skmsg.c:507 [inline]
sk_psock_skb_ingress_self+0x5c/0x330 net/core/skmsg.c:600
sk_psock_verdict_apply+0x395/0x440 net/core/skmsg.c:1014
sk_psock_verdict_recv+0x34d/0x560 net/core/skmsg.c:1201
tcp_read_skb+0x4a1/0x790 net/ipv4/tcp.c:1770
tcp_rcv_established+0x129d/0x1a10 net/ipv4/tcp_input.c:5971
tcp_v4_do_rcv+0x479/0xac0 net/ipv4/tcp_ipv4.c:1681
sk_backlog_rcv include/net/sock.h:1109 [inline]
__release_sock+0x1d8/0x4c0 net/core/sock.c:2906
release_sock+0x5d/0x1c0 net/core/sock.c:3462
tcp_sendmsg+0x36/0x40 net/ipv4/tcp.c:1483
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
__sys_sendto+0x46d/0x5f0 net/socket.c:2117
__do_sys_sendto net/socket.c:2129 [inline]
__se_sys_sendto net/socket.c:2125 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2125
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nskmsg: pass gfp argument to alloc_sk_msg()\n\nsyzbot found that alloc_sk_msg() could be called from a\nnon sleepable context. sk_psock_verdict_recv() uses\nrcu_read_lock() protection.\n\nWe need the callers to pass a gfp_t argument to avoid issues.\n\nsyzbot report was:\n\nBUG: sleeping function called from invalid context at include/linux/sched/mm.h:274\nin_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3613, name: syz-executor414\npreempt_count: 0, expected: 0\nRCU nest depth: 1, expected: 0\nINFO: lockdep is turned off.\nCPU: 0 PID: 3613 Comm: syz-executor414 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106\n__might_resched+0x538/0x6a0 kernel/sched/core.c:9877\nmight_alloc include/linux/sched/mm.h:274 [inline]\nslab_pre_alloc_hook mm/slab.h:700 [inline]\nslab_alloc_node mm/slub.c:3162 [inline]\nslab_alloc mm/slub.c:3256 [inline]\nkmem_cache_alloc_trace+0x59/0x310 mm/slub.c:3287\nkmalloc include/linux/slab.h:600 [inline]\nkzalloc include/linux/slab.h:733 [inline]\nalloc_sk_msg net/core/skmsg.c:507 [inline]\nsk_psock_skb_ingress_self+0x5c/0x330 net/core/skmsg.c:600\nsk_psock_verdict_apply+0x395/0x440 net/core/skmsg.c:1014\nsk_psock_verdict_recv+0x34d/0x560 net/core/skmsg.c:1201\ntcp_read_skb+0x4a1/0x790 net/ipv4/tcp.c:1770\ntcp_rcv_established+0x129d/0x1a10 net/ipv4/tcp_input.c:5971\ntcp_v4_do_rcv+0x479/0xac0 net/ipv4/tcp_ipv4.c:1681\nsk_backlog_rcv include/net/sock.h:1109 [inline]\n__release_sock+0x1d8/0x4c0 net/core/sock.c:2906\nrelease_sock+0x5d/0x1c0 net/core/sock.c:3462\ntcp_sendmsg+0x36/0x40 net/ipv4/tcp.c:1483\nsock_sendmsg_nosec net/socket.c:714 [inline]\nsock_sendmsg net/socket.c:734 [inline]\n__sys_sendto+0x46d/0x5f0 net/socket.c:2117\n__do_sys_sendto net/socket.c:2129 [inline]\n__se_sys_sendto net/socket.c:2125 [inline]\n__x64_sys_sendto+0xda/0xf0 net/socket.c:2125\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"id": "CVE-2022-50363",
"lastModified": "2025-09-18T13:43:34.310",
"metrics": {},
"published": "2025-09-17T15:15:35.107",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/2d1f274b95c6e4ba6a813b3b8e7a1a38d54a0a08"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/693ddd6ffc05b228ea1638f9d757c5d3541f9446"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…