CVE-2022-50193 Information

Jun 19, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

erofs: wake up all waiters after z_erofs_lzma_head ready

When the user mounts the erofs second times the decompression thread may hung. The problem happens due to a sequence of steps like the following:

  1. Task A called z_erofs_load_lzma_config which obtain all of the node from the z_erofs_lzma_head.

  2. At this time task B called the z_erofs_lzma_decompress and wanted to get a node. But the z_erofs_lzma_head was empty the Task B had to sleep.

  3. Task A release nodes and push nodes into the z_erofs_lzma_head. But task B was still sleeping.

One example report when the hung happens: task:kworker/u3:1 state:D stack:14384 pid: 86 ppid: 2 flags:0x00004000 Workqueue: erofs_unzipd z_erofs_decompressqueue_work Call Trace: __schedule+0x281/0x760 schedule+0x49/0xb0 z_erofs_lzma_decompress+0x4bc/0x580 ? cpu_core_flags+0x10/0x10 z_erofs_decompress_pcluster+0x49b/0xba0 ? __update_load_avg_se+0x2b0/0x330 ? __update_load_avg_se+0x2b0/0x330 ? update_load_avg+0x5f/0x690 ? update_load_avg+0x5f/0x690 ? set_next_entity+0xbd/0x110 ? _raw_spin_unlock+0xd/0x20 z_erofs_decompress_queue.isra.0+0x2e/0x50 z_erofs_decompressqueue_work+0x30/0x60 process_one_work+0x1d3/0x3a0 worker_thread+0x45/0x3a0 ? process_one_work+0x3a0/0x3a0 kthread+0xe2/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30

Reference

https://git.kernel.org/stable/c/2478e36ec437a27f8a05bea9e4269a68c554e21f https://git.kernel.org/stable/c/2df7c4bd7c1d2bc5ece5e9ed19dbd386810c2a65 https://git.kernel.org/stable/c/96aa2a6a89618d850ef082e4268007e840c28769

CNNVD-202506-2482 (Published: 2025-06-18)

Share on: