CVE-2022-50676

net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() syzbot is reporting lockdep warning at rds_tcp_reset_callbacks() [1], for
commit ac3615e7f3cffe2a ("RDS: TCP: Reduce code duplication in
rds_tcp_reset_callbacks()") added cancel_delayed_work_sync() into a section
protected by lock_sock() without realizing that rds_send_xmit() might call
lock_sock(). We don't need to protect cancel_delayed_work_sync() using lock_sock(), for
even if rds_{send,recv}_worker() re-queued this work while __flush_work() from cancel_delayed_work_sync() was waiting for this work to complete,
retried rds_{send,recv}_worker() is no-op due to the absence of RDS_CONN_UP
bit.

In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() syzbot is reporting lockdep warning at rds_tcp_reset_callbacks() [1], for commit ac3615e7f3cffe2a ("RDS: TCP: Reduce code duplication in rds_tcp_reset_callbacks()") added cancel_delayed_work_sync() into a section protected by lock_sock() without realizing that rds_send_xmit() might call lock_sock(). We don't need to protect cancel_delayed_work_sync() using lock_sock(), for even if rds_{send,recv}_worker() re-queued this work while __flush_work() from cancel_delayed_work_sync() was waiting for this work to complete, retried rds_{send,recv}_worker() is no-op due to the absence of RDS_CONN_UP bit.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-12-09 CVE Reserved
2025-12-09 CVE Published
2025-12-09 CVE Updated
2026-04-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/ac3615e7f3cffe2a1a6b25172dfd09e138593d82	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5d2ba255e93211e541373469dffbda7c99dfa0e5	2022-10-26
https://git.kernel.org/stable/c/2425007c0967a7c04b0dee7cce05ecf0ca869ad1	2022-10-26
https://git.kernel.org/stable/c/e3cb25d3ad08f5dbd53ce2b31720cad529944322	2022-10-26
https://git.kernel.org/stable/c/360aa7219285fac63dab99706a16f2daf3222abe	2022-10-26
https://git.kernel.org/stable/c/da349221c4d2d4ac5f606c1c3b36d4ef0b3e6a0c	2022-10-26
https://git.kernel.org/stable/c/30bfa5aa7228eb1e67663d67e553627e572cc717	2022-10-26
https://git.kernel.org/stable/c/c380c28ab9b15fc53565909c814f6dd3e7f77c4b	2022-10-24
https://git.kernel.org/stable/c/afe7053c390fe8ff27d0c2ceaece5625283044ba	2022-10-21
https://git.kernel.org/stable/c/a91b750fd6629354460282bbf5146c01b05c4859	2022-10-03

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.9.331 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.9.331"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.14.296 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.14.296"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.19.262 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.19.262"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.4.220 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.4.220"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.10.150 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.10.150"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.15.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.15.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.19.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.19.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.0.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.0.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 6.1"		en		Affected