ghsa-w4mq-qvfm-cqjm
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: imx_dsp_rproc: Add mutex protection for workqueue
The workqueue may execute late even after remoteproc is stopped or stopping, some resources (rpmsg device and endpoint) have been released in rproc_stop_subdevices(), then rproc_vq_interrupt() accessing these resources will cause kennel dump.
Call trace: virtqueue_add_split+0x1ac/0x560 virtqueue_add_inbuf+0x4c/0x60 rpmsg_recv_done+0x15c/0x294 vring_interrupt+0x6c/0xa4 rproc_vq_interrupt+0x30/0x50 imx_dsp_rproc_vq_work+0x24/0x40 [imx_dsp_rproc] process_one_work+0x1d0/0x354 worker_thread+0x13c/0x470 kthread+0x154/0x160 ret_from_fork+0x10/0x20
Add mutex protection in imx_dsp_rproc_vq_work(), if the state is not running, then just skip calling rproc_vq_interrupt().
Also the flush workqueue operation can't be added in rproc stop for the same reason. The call sequence is
rproc_shutdown -> rproc_stop ->rproc_stop_subdevices ->rproc->ops->stop() ->imx_dsp_rproc_stop ->flush_work -> rproc_vq_interrupt
The resource needed by rproc_vq_interrupt has been released in rproc_stop_subdevices, so flush_work is not safe to be called in imx_dsp_rproc_stop.
{
"affected": [],
"aliases": [
"CVE-2022-50426"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:34Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_dsp_rproc: Add mutex protection for workqueue\n\nThe workqueue may execute late even after remoteproc is stopped or\nstopping, some resources (rpmsg device and endpoint) have been\nreleased in rproc_stop_subdevices(), then rproc_vq_interrupt()\naccessing these resources will cause kennel dump.\n\nCall trace:\n virtqueue_add_split+0x1ac/0x560\n virtqueue_add_inbuf+0x4c/0x60\n rpmsg_recv_done+0x15c/0x294\n vring_interrupt+0x6c/0xa4\n rproc_vq_interrupt+0x30/0x50\n imx_dsp_rproc_vq_work+0x24/0x40 [imx_dsp_rproc]\n process_one_work+0x1d0/0x354\n worker_thread+0x13c/0x470\n kthread+0x154/0x160\n ret_from_fork+0x10/0x20\n\nAdd mutex protection in imx_dsp_rproc_vq_work(), if the state is\nnot running, then just skip calling rproc_vq_interrupt().\n\nAlso the flush workqueue operation can\u0027t be added in rproc stop\nfor the same reason. The call sequence is\n\nrproc_shutdown\n-\u003e rproc_stop\n -\u003erproc_stop_subdevices\n -\u003erproc-\u003eops-\u003estop()\n -\u003eimx_dsp_rproc_stop\n -\u003eflush_work\n -\u003e rproc_vq_interrupt\n\nThe resource needed by rproc_vq_interrupt has been released in\nrproc_stop_subdevices, so flush_work is not safe to be called in\nimx_dsp_rproc_stop.",
"id": "GHSA-w4mq-qvfm-cqjm",
"modified": "2025-10-01T12:30:27Z",
"published": "2025-10-01T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50426"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47e6ab07018edebf94ce873cf50a05ec76ff2dde"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4a3e1fa7a77838617bdbcd95127ce93a959fad44"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b9693304b7133b81741add5bfb56f022596df012"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.