ghsa-hffq-87g8-8r3x
Vulnerability from github
Published
2025-09-18 15:30
Modified
2025-09-18 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

padata: Always leave BHs disabled when running ->parallel()

A deadlock can happen when an overloaded system runs ->parallel() in the context of the current task:

padata_do_parallel
  ->parallel()
    pcrypt_aead_enc/dec
      padata_do_serial
        spin_lock(&reorder->lock) // BHs still enabled
          <interrupt>
            ...
              __do_softirq
                ...
                  padata_do_serial
                    spin_lock(&reorder->lock)

It's a bug for BHs to be on in _do_serial as Steffen points out, so ensure they're off in the "current task" case like they are in padata_parallel_worker to avoid this situation.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-50382"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:36Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Always leave BHs disabled when running -\u003eparallel()\n\nA deadlock can happen when an overloaded system runs -\u003eparallel() in the\ncontext of the current task:\n\n    padata_do_parallel\n      -\u003eparallel()\n        pcrypt_aead_enc/dec\n          padata_do_serial\n            spin_lock(\u0026reorder-\u003elock) // BHs still enabled\n              \u003cinterrupt\u003e\n                ...\n                  __do_softirq\n                    ...\n                      padata_do_serial\n                        spin_lock(\u0026reorder-\u003elock)\n\nIt\u0027s a bug for BHs to be on in _do_serial as Steffen points out, so\nensure they\u0027re off in the \"current task\" case like they are in\npadata_parallel_worker to avoid this situation.",
  "id": "GHSA-hffq-87g8-8r3x",
  "modified": "2025-09-18T15:30:32Z",
  "published": "2025-09-18T15:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50382"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17afa98bccec4f52203508b3f49b5f948c6fd6ac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/34c3a47d20ae55b3600fed733bf96eafe9c500d5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6cfa9e60c0f88fdec6368e081ab968411cc706b1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7337adb20fcc0aebb50eaff2bc5a8dd9a7c6743d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e0681dd4eee029eb1d533d06993f7cb091efb73"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.