CVE-2022-50314
15.09.2025, 15:15
In the Linux kernel, the following vulnerability has been resolved:
nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
syzbot reported hung task [1]. The following program is a simplified
version of the reproducer:
int main(void)
{
int sv[2], fd;
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
return 1;
if ((fd = open("/dev/nbd0", 0)) < 0)
return 1;
if (ioctl(fd, NBD_SET_SIZE_BLOCKS, 0x81) < 0)
return 1;
if (ioctl(fd, NBD_SET_SOCK, sv[0]) < 0)
return 1;
if (ioctl(fd, NBD_DO_IT) < 0)
return 1;
return 0;
}
When signal interrupt nbd_start_device_ioctl() waiting the condition
atomic_read(&config->recv_threads) == 0, the task can hung because it
waits the completion of the inflight IOs.
This patch fixes the issue by clearing queue, not just shutdown, when
signal interrupt nbd_start_device_ioctl().Enginsight| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 𝑥 < 4.14.296 |
| linux | linux_kernel | 4.15 ≤ 𝑥 < 4.19.262 |
| linux | linux_kernel | 4.20 ≤ 𝑥 < 5.4.220 |
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.150 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.75 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 5.19.17 |
| linux | linux_kernel | 6.0 ≤ 𝑥 < 6.0.3 |
𝑥
= Vulnerable software versions
Debian Releases
References