{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50177", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-06-18T10:57:27.427Z", "datePublished": "2025-06-18T11:03:27.588Z", "dateUpdated": "2025-06-18T11:03:27.588Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-06-18T11:03:27.588Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcutorture: Fix ksoftirqd boosting timing and iteration\n\nThe RCU priority boosting can fail in two situations:\n\n1) If (nr_cpus= > maxcpus=), which means if the total number of CPUs\nis higher than those brought online at boot, then torture_onoff() may\nlater bring up CPUs that weren't online on boot. Now since rcutorture\ninitialization only boosts the ksoftirqds of the CPUs that have been\nset online on boot, the CPUs later set online by torture_onoff won't\nbenefit from the boost, making RCU priority boosting fail.\n\n2) The ksoftirqd kthreads are boosted after the creation of\nrcu_torture_boost() kthreads, which opens a window large enough for these\nrcu_torture_boost() kthreads to wait (despite running at FIFO priority)\nfor ksoftirqds that are still running at SCHED_NORMAL priority.\n\nThe issues can trigger for example with:\n\n\t./kvm.sh --configs TREE01 --kconfig \"CONFIG_RCU_BOOST=y\"\n\n\t[ 34.968561] rcu-torture: !!!\n\t[ 34.968627] ------------[ cut here ]------------\n\t[ 35.014054] WARNING: CPU: 4 PID: 114 at kernel/rcu/rcutorture.c:1979 rcu_torture_stats_print+0x5ad/0x610\n\t[ 35.052043] Modules linked in:\n\t[ 35.069138] CPU: 4 PID: 114 Comm: rcu_torture_sta Not tainted 5.18.0-rc1 #1\n\t[ 35.096424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014\n\t[ 35.154570] RIP: 0010:rcu_torture_stats_print+0x5ad/0x610\n\t[ 35.198527] Code: 63 1b 02 00 74 02 0f 0b 48 83 3d 35 63 1b 02 00 74 02 0f 0b 48 83 3d 21 63 1b 02 00 74 02 0f 0b 48 83 3d 0d 63 1b 02 00 74 02 <0f> 0b 83 eb 01 0f 8e ba fc ff ff 0f 0b e9 b3 fc ff f82\n\t[ 37.251049] RSP: 0000:ffffa92a0050bdf8 EFLAGS: 00010202\n\t[ 37.277320] rcu: De-offloading 8\n\t[ 37.290367] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001\n\t[ 37.290387] RDX: 0000000000000000 RSI: 00000000ffffbfff RDI: 00000000ffffffff\n\t[ 37.290398] RBP: 000000000000007b R08: 0000000000000000 R09: c0000000ffffbfff\n\t[ 37.290407] R10: 000000000000002a R11: ffffa92a0050bc18 R12: ffffa92a0050be20\n\t[ 37.290417] R13: ffffa92a0050be78 R14: 0000000000000000 R15: 000000000001bea0\n\t[ 37.290427] FS: 0000000000000000(0000) GS:ffff96045eb00000(0000) knlGS:0000000000000000\n\t[ 37.290448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\t[ 37.290460] CR2: 0000000000000000 CR3: 000000001dc0c000 CR4: 00000000000006e0\n\t[ 37.290470] Call Trace:\n\t[ 37.295049] <TASK>\n\t[ 37.295065] ? preempt_count_add+0x63/0x90\n\t[ 37.295095] ? _raw_spin_lock_irqsave+0x12/0x40\n\t[ 37.295125] ? rcu_torture_stats_print+0x610/0x610\n\t[ 37.295143] rcu_torture_stats+0x29/0x70\n\t[ 37.295160] kthread+0xe3/0x110\n\t[ 37.295176] ? kthread_complete_and_exit+0x20/0x20\n\t[ 37.295193] ret_from_fork+0x22/0x30\n\t[ 37.295218] </TASK>\n\nFix this with boosting the ksoftirqds kthreads from the boosting\nhotplug callback itself and before the boosting kthreads are created."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/rcu/rcutorture.c"], "versions": [{"version": "ea6d962e80b61996aeacb443661cc3adcb605315", "lessThan": "621595f771a6bd458ffbc40679e222ba5d0a7a1e", "status": "affected", "versionType": "git"}, {"version": "ea6d962e80b61996aeacb443661cc3adcb605315", "lessThan": "8e84693621f53bf894af9905a6531e0530402145", "status": "affected", "versionType": "git"}, {"version": "ea6d962e80b61996aeacb443661cc3adcb605315", "lessThan": "7e7472c62c6ded322afd9d5ac8bb20a08e7c5674", "status": "affected", "versionType": "git"}, {"version": "ea6d962e80b61996aeacb443661cc3adcb605315", "lessThan": "3002153a91a9732a6d1d0bb95138593c7da15743", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/rcu/rcutorture.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.61", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.18", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19.2", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.15.61"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.18.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.19.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/621595f771a6bd458ffbc40679e222ba5d0a7a1e"}, {"url": "https://git.kernel.org/stable/c/8e84693621f53bf894af9905a6531e0530402145"}, {"url": "https://git.kernel.org/stable/c/7e7472c62c6ded322afd9d5ac8bb20a08e7c5674"}, {"url": "https://git.kernel.org/stable/c/3002153a91a9732a6d1d0bb95138593c7da15743"}], "title": "rcutorture: Fix ksoftirqd boosting timing and iteration", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcutorture: Fix ksoftirqd boosting timing and iteration\n\nThe RCU priority boosting can fail in two situations:\n\n1) If (nr_cpus= > maxcpus=), which means if the total number of CPUs\nis higher than those brought online at boot, then torture_onoff() may\nlater bring up CPUs that weren't online on boot. Now since rcutorture\ninitialization only boosts the ksoftirqds of the CPUs that have been\nset online on boot, the CPUs later set online by torture_onoff won't\nbenefit from the boost, making RCU priority boosting fail.\n\n2) The ksoftirqd kthreads are boosted after the creation of\nrcu_torture_boost() kthreads, which opens a window large enough for these\nrcu_torture_boost() kthreads to wait (despite running at FIFO priority)\nfor ksoftirqds that are still running at SCHED_NORMAL priority.\n\nThe issues can trigger for example with:\n\n\t./kvm.sh --configs TREE01 --kconfig \"CONFIG_RCU_BOOST=y\"\n\n\t[ 34.968561] rcu-torture: !!!\n\t[ 34.968627] ------------[ cut here ]------------\n\t[ 35.014054] WARNING: CPU: 4 PID: 114 at kernel/rcu/rcutorture.c:1979 rcu_torture_stats_print+0x5ad/0x610\n\t[ 35.052043] Modules linked in:\n\t[ 35.069138] CPU: 4 PID: 114 Comm: rcu_torture_sta Not tainted 5.18.0-rc1 #1\n\t[ 35.096424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014\n\t[ 35.154570] RIP: 0010:rcu_torture_stats_print+0x5ad/0x610\n\t[ 35.198527] Code: 63 1b 02 00 74 02 0f 0b 48 83 3d 35 63 1b 02 00 74 02 0f 0b 48 83 3d 21 63 1b 02 00 74 02 0f 0b 48 83 3d 0d 63 1b 02 00 74 02 <0f> 0b 83 eb 01 0f 8e ba fc ff ff 0f 0b e9 b3 fc ff f82\n\t[ 37.251049] RSP: 0000:ffffa92a0050bdf8 EFLAGS: 00010202\n\t[ 37.277320] rcu: De-offloading 8\n\t[ 37.290367] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001\n\t[ 37.290387] RDX: 0000000000000000 RSI: 00000000ffffbfff RDI: 00000000ffffffff\n\t[ 37.290398] RBP: 000000000000007b R08: 0000000000000000 R09: c0000000ffffbfff\n\t[ 37.290407] R10: 000000000000002a R11: ffffa92a0050bc18 R12: ffffa92a0050be20\n\t[ 37.290417] R13: ffffa92a0050be78 R14: 0000000000000000 R15: 000000000001bea0\n\t[ 37.290427] FS: 0000000000000000(0000) GS:ffff96045eb00000(0000) knlGS:0000000000000000\n\t[ 37.290448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\t[ 37.290460] CR2: 0000000000000000 CR3: 000000001dc0c000 CR4: 00000000000006e0\n\t[ 37.290470] Call Trace:\n\t[ 37.295049] <TASK>\n\t[ 37.295065] ? preempt_count_add+0x63/0x90\n\t[ 37.295095] ? _raw_spin_lock_irqsave+0x12/0x40\n\t[ 37.295125] ? rcu_torture_stats_print+0x610/0x610\n\t[ 37.295143] rcu_torture_stats+0x29/0x70\n\t[ 37.295160] kthread+0xe3/0x110\n\t[ 37.295176] ? kthread_complete_and_exit+0x20/0x20\n\t[ 37.295193] ret_from_fork+0x22/0x30\n\t[ 37.295218] </TASK>\n\nFix this with boosting the ksoftirqds kthreads from the boosting\nhotplug callback itself and before the boosting kthreads are created."}], "id": "CVE-2022-50177", "lastModified": "2025-06-18T13:47:40.833", "metrics": {}, "published": "2025-06-18T11:15:48.107", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3002153a91a9732a6d1d0bb95138593c7da15743"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/621595f771a6bd458ffbc40679e222ba5d0a7a1e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7e7472c62c6ded322afd9d5ac8bb20a08e7c5674"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8e84693621f53bf894af9905a6531e0530402145"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2022:7683", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-425.3.1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: rcutorture: Fix ksoftirqd boosting timing and iteration", "id": "2373568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373568"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nrcutorture: Fix ksoftirqd boosting timing and iteration\nThe RCU priority boosting can fail in two situations:\n1) If (nr_cpus= > maxcpus=), which means if the total number of CPUs\nis higher than those brought online at boot, then torture_onoff() may\nlater bring up CPUs that weren't online on boot. Now since rcutorture\ninitialization only boosts the ksoftirqds of the CPUs that have been\nset online on boot, the CPUs later set online by torture_onoff won't\nbenefit from the boost, making RCU priority boosting fail.\n2) The ksoftirqd kthreads are boosted after the creation of\nrcu_torture_boost() kthreads, which opens a window large enough for these\nrcu_torture_boost() kthreads to wait (despite running at FIFO priority)\nfor ksoftirqds that are still running at SCHED_NORMAL priority.\nThe issues can trigger for example with:\n./kvm.sh --configs TREE01 --kconfig \"CONFIG_RCU_BOOST=y\"\n[ 34.968561] rcu-torture: !!!\n[ 34.968627] ------------[ cut here ]------------\n[ 35.014054] WARNING: CPU: 4 PID: 114 at kernel/rcu/rcutorture.c:1979 rcu_torture_stats_print+0x5ad/0x610\n[ 35.052043] Modules linked in:\n[ 35.069138] CPU: 4 PID: 114 Comm: rcu_torture_sta Not tainted 5.18.0-rc1 #1\n[ 35.096424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014\n[ 35.154570] RIP: 0010:rcu_torture_stats_print+0x5ad/0x610\n[ 35.198527] Code: 63 1b 02 00 74 02 0f 0b 48 83 3d 35 63 1b 02 00 74 02 0f 0b 48 83 3d 21 63 1b 02 00 74 02 0f 0b 48 83 3d 0d 63 1b 02 00 74 02 <0f> 0b 83 eb 01 0f 8e ba fc ff ff 0f 0b e9 b3 fc ff f82\n[ 37.251049] RSP: 0000:ffffa92a0050bdf8 EFLAGS: 00010202\n[ 37.277320] rcu: De-offloading 8\n[ 37.290367] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001\n[ 37.290387] RDX: 0000000000000000 RSI: 00000000ffffbfff RDI: 00000000ffffffff\n[ 37.290398] RBP: 000000000000007b R08: 0000000000000000 R09: c0000000ffffbfff\n[ 37.290407] R10: 000000000000002a R11: ffffa92a0050bc18 R12: ffffa92a0050be20\n[ 37.290417] R13: ffffa92a0050be78 R14: 0000000000000000 R15: 000000000001bea0\n[ 37.290427] FS: 0000000000000000(0000) GS:ffff96045eb00000(0000) knlGS:0000000000000000\n[ 37.290448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 37.290460] CR2: 0000000000000000 CR3: 000000001dc0c000 CR4: 00000000000006e0\n[ 37.290470] Call Trace:\n[ 37.295049] <TASK>\n[ 37.295065] ? preempt_count_add+0x63/0x90\n[ 37.295095] ? _raw_spin_lock_irqsave+0x12/0x40\n[ 37.295125] ? rcu_torture_stats_print+0x610/0x610\n[ 37.295143] rcu_torture_stats+0x29/0x70\n[ 37.295160] kthread+0xe3/0x110\n[ 37.295176] ? kthread_complete_and_exit+0x20/0x20\n[ 37.295193] ret_from_fork+0x22/0x30\n[ 37.295218] </TASK>\nFix this with boosting the ksoftirqds kthreads from the boosting\nhotplug callback itself and before the boosting kthreads are created."], "name": "CVE-2022-50177", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-50177\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50177\nhttps://lore.kernel.org/linux-cve-announce/2025061831-CVE-2022-50177-1d63@gregkh/T"], "threat_severity": "Moderate"}