CVE-2022-50350

EUVD-2022-55612

16.09.2025, 17:15

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix a race condition between login_work and the login thread

In case a malicious initiator sends some random data immediately after a
login PDU; the iscsi_target_sk_data_ready() callback will schedule the
login_work and, at the same time, the negotiation may end without clearing
the LOGIN_FLAGS_INITIAL_PDU flag (because no additional PDU exchanges are
required to complete the login).

The login has been completed but the login_work function will find the
LOGIN_FLAGS_INITIAL_PDU flag set and will never stop from rescheduling
itself; at this point, if the initiator drops the connection, the
iscsit_conn structure will be freed, login_work will dereference a released
socket structure and the kernel crashes.

BUG: kernel NULL pointer dereference, address: 0000000000000230
PF: supervisor write access in kernel mode
PF: error_code(0x0002) - not-present page
Workqueue: events iscsi_target_do_login_rx [iscsi_target_mod]
RIP: 0010:_raw_read_lock_bh+0x15/0x30
Call trace:
 iscsi_target_do_login_rx+0x75/0x3f0 [iscsi_target_mod]
 process_one_work+0x1e8/0x3c0

Fix this bug by forcing login_work to stop after the login has been
completed and the socket callbacks have been restored.

Add a comment to clearify the return values of iscsi_target_do_login()

Race Condition

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	3.12 ≤ 𝑥 < 6.0.16
linux	linux_kernel	6.1 ≤ 𝑥 < 6.1.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.148-1 fixed
bookworm (security)	6.1.147-1 fixed
bullseye	vulnerable
bullseye (security)	vulnerable
forky	6.16.3-1 fixed
sid	6.16.7-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.41-1 fixed

openSUSE / SLES Releases

openSUSE Product

Release

cluster-md-kmp-default

suse enterprise server 12 SP5

4.12.14-122.280.1

fixed

dlm-kmp-default

suse enterprise server 12 SP5

4.12.14-122.280.1

fixed

gfs2-kmp-default

suse enterprise server 12 SP5

4.12.14-122.280.1

fixed

kernel-default

suse enterprise server 12 SP5

4.12.14-122.280.1

fixed

kernel-default-base

suse enterprise server 12 SP5

4.12.14-122.280.1

fixed

kernel-default-man

suse enterprise server 12 SP5

4.12.14-122.280.1

fixed

kernel-macros

suse enterprise server 12 SP5

4.12.14-122.280.1

fixed

kernel-source

suse enterprise server 12 SP5

4.12.14-122.280.1

fixed

kernel-syms

suse enterprise server 12 SP5

4.12.14-122.280.1

fixed

ocfs2-kmp-default

suse enterprise server 12 SP5

4.12.14-122.280.1

fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

bpftool

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:7.0.0-284.11.1.el9_2 fixed

kernel

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-64k

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-core

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-debug

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-debug-core

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-debug-devel

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-debug-devel-matched

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-debug-modules

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-debug-modules-core

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-debug-modules-extra

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-devel

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-devel-matched

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-modules

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-modules-core

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-64k-modules-extra

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-abi-stablelists

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-core

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-debug

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-debug-core

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-debug-devel

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-debug-devel-matched

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-debug-modules

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-debug-modules-core

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-debug-modules-extra

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-debug-uki-virt

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-devel

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-devel-matched

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-doc

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-modules

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-modules-core

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-modules-extra

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-tools

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-tools-libs

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-tools-libs-devel

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-uki-virt

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-zfcpdump

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-zfcpdump-core

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-zfcpdump-devel

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-zfcpdump-devel-matched

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-zfcpdump-modules

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

kernel-zfcpdump-modules-core

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

kernel-zfcpdump-modules-extra

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

perf

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

python3-perf

RHEL 8	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 AUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.10.1.el8_8 fixed
RHEL 9	0:5.14.0-284.11.1.el9_2 fixed

rtla

RHEL 9

0:5.14.0-284.11.1.el9_2

fixed

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

https://git.kernel.org/stable/c/1533b8b3058db618409f41554ebe768c2e3acfae

https://git.kernel.org/stable/c/3ecdca49ca49d4770639d81503c873b6d25887c4

https://git.kernel.org/stable/c/fec1b2fa62c162d03f5dcd7b03e3c89d3116d49f