CVE-2022-50363 in Linux
Summary
by MITRE • 09/17/2025
In the Linux kernel, the following vulnerability has been resolved:
skmsg: pass gfp argument to alloc_sk_msg()
syzbot found that alloc_sk_msg() could be called from a non sleepable context. sk_psock_verdict_recv() uses rcu_read_lock() protection.
We need the callers to pass a gfp_t argument to avoid issues.
syzbot report was:
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3613, name: syz-executor414
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
INFO: lockdep is turned off.
CPU: 0 PID: 3613 Comm: syz-executor414 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
__might_resched+0x538/0x6a0 kernel/sched/core.c:9877
might_alloc include/linux/sched/mm.h:274 [inline]
slab_pre_alloc_hook mm/slab.h:700 [inline]
slab_alloc_node mm/slub.c:3162 [inline]
slab_alloc mm/slub.c:3256 [inline]
kmem_cache_alloc_trace+0x59/0x310 mm/slub.c:3287
kmalloc include/linux/slab.h:600 [inline]
kzalloc include/linux/slab.h:733 [inline]
alloc_sk_msg net/core/skmsg.c:507 [inline]
sk_psock_skb_ingress_self+0x5c/0x330 net/core/skmsg.c:600
sk_psock_verdict_apply+0x395/0x440 net/core/skmsg.c:1014
sk_psock_verdict_recv+0x34d/0x560 net/core/skmsg.c:1201
tcp_read_skb+0x4a1/0x790 net/ipv4/tcp.c:1770
tcp_rcv_established+0x129d/0x1a10 net/ipv4/tcp_input.c:5971
tcp_v4_do_rcv+0x479/0xac0 net/ipv4/tcp_ipv4.c:1681
sk_backlog_rcv include/net/sock.h:1109 [inline]
__release_sock+0x1d8/0x4c0 net/core/sock.c:2906
release_sock+0x5d/0x1c0 net/core/sock.c:3462
tcp_sendmsg+0x36/0x40 net/ipv4/tcp.c:1483
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
__sys_sendto+0x46d/0x5f0 net/socket.c:2117
__do_sys_sendto net/socket.c:2129 [inline]
__se_sys_sendto net/socket.c:2125 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2125
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Analysis
by VulDB Data Team • 12/27/2025
CVE-2022-50363 is a bug in the Linux kernel's sockmap/skmsg code (net/core/skmsg.c), the BPF-driven socket message path. alloc_sk_msg() allocated its sk_msg with kzalloc() and a hard-coded GFP_KERNEL, an allocation that is allowed to sleep, yet it was reachable from sk_psock_verdict_recv(), which runs under rcu_read_lock(), a context in which sleeping is not permitted. syzbot found the mismatch by fuzzing: on a kernel built with CONFIG_DEBUG_ATOMIC_SLEEP, the might_alloc() check inside the allocator reported "BUG: sleeping function called from invalid context" with an RCU nest depth of 1.
The defect is not in the allocator but in the fixed allocation flags. A GFP_KERNEL request may enter direct reclaim and block; inside an RCU read-side critical section that is forbidden, because a reader that blocks can let a grace period complete and RCU-protected objects be freed while it still references them. The quoted trace shows the path: a sendto() call releases the socket lock, release_sock() drains the backlog into tcp_v4_do_rcv() and tcp_rcv_established(), tcp_read_skb() hands the data to sk_psock_verdict_recv(), and the verdict handling in sk_psock_verdict_apply() calls sk_psock_skb_ingress_self(), which calls alloc_sk_msg(). Note in_atomic(): 0 in the report: the context is not atomic in the preempt-count sense; it is the RCU read-side nesting alone that makes sleeping invalid, which is exactly what might_alloc() checks through might_sleep_if(gfpflags_allow_blocking(gfp)).
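The following userspace C program models the check that produced the report and the shape of the upstream fix. It is an added example, not kernel code: the gfp bits, the rcu_read_lock() nesting counter and the "sleep bug" counter are simplified stand-ins for __GFP_DIRECT_RECLAIM, current->rcu_read_lock_nesting and __might_resched(); the bit values are chosen for the model, only the reclaim bit matters. alloc_sk_msg_old() is the pre-fix shape with GFP_KERNEL hard-coded, alloc_sk_msg(gfp) the post-fix shape where the caller states what its context permits.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>

typedef unsigned int gfp_t;

/* Model gfp bits (values chosen for this example, not the kernel's). As in the
 * kernel, an allocation may block only if the direct-reclaim bit is set:
 * GFP_KERNEL carries it, GFP_ATOMIC does not. */
#define __GFP_HIGH           0x20u
#define __GFP_IO             0x40u
#define __GFP_FS             0x80u
#define __GFP_DIRECT_RECLAIM 0x400u
#define __GFP_KSWAPD_RECLAIM 0x800u
#define __GFP_NOWARN         0x2000u
#define GFP_KERNEL (__GFP_DIRECT_RECLAIM | __GFP_KSWAPD_RECLAIM | __GFP_IO | __GFP_FS)
#define GFP_ATOMIC (__GFP_HIGH | __GFP_KSWAPD_RECLAIM)

static int rcu_nest_depth;   /* stand-in for the task's RCU read-side nesting */
static int sleep_bugs;       /* "sleeping function called from invalid context" hits */

static void rcu_read_lock(void)   { rcu_nest_depth++; }
static void rcu_read_unlock(void) { rcu_nest_depth--; }

static bool gfpflags_allow_blocking(gfp_t gfp)
{
    return (gfp & __GFP_DIRECT_RECLAIM) != 0;
}

/* Mirrors might_alloc(): might_sleep_if(gfpflags_allow_blocking(gfp)).
 * The real __might_resched() prints the BUG report; this model counts it. */
static void might_alloc(gfp_t gfp)
{
    if (gfpflags_allow_blocking(gfp) && rcu_nest_depth > 0)
        sleep_bugs++;
}

struct sk_msg { unsigned int len; };

static struct sk_msg *kzalloc(size_t size, gfp_t gfp)
{
    might_alloc(gfp);
    return calloc(1, size);
}

/* Before the fix: GFP_KERNEL hard-coded, the caller's context is ignored. */
static struct sk_msg *alloc_sk_msg_old(void)
{
    return kzalloc(sizeof(struct sk_msg), __GFP_NOWARN | GFP_KERNEL);
}

/* After the fix: the caller passes the flags its context allows. */
static struct sk_msg *alloc_sk_msg(gfp_t gfp)
{
    return kzalloc(sizeof(struct sk_msg), gfp | __GFP_NOWARN);
}

/* Model of sk_psock_verdict_recv() -> sk_psock_skb_ingress_self(), which runs
 * under rcu_read_lock(). Returns the number of sleep bugs recorded. */
static int verdict_recv_path(bool fixed)
{
    struct sk_msg *msg;

    sleep_bugs = 0;
    rcu_read_lock();
    msg = fixed ? alloc_sk_msg(GFP_ATOMIC) : alloc_sk_msg_old();
    rcu_read_unlock();
    free(msg);
    return sleep_bugs;
}

/* A caller in a context that may sleep keeps GFP_KERNEL and stays clean. */
static int sleepable_context_path(void)
{
    struct sk_msg *msg;

    sleep_bugs = 0;
    msg = alloc_sk_msg(GFP_KERNEL);
    free(msg);
    return sleep_bugs;
}

int main(void)
{
    printf("old alloc_sk_msg under rcu_read_lock: %d bug(s)\n", verdict_recv_path(false));
    printf("alloc_sk_msg(GFP_ATOMIC) under rcu_read_lock: %d bug(s)\n", verdict_recv_path(true));
    printf("alloc_sk_msg(GFP_KERNEL) in sleepable context: %d bug(s)\n", sleepable_context_path());
    return 0;
}
```

The model makes the fix's logic visible: nothing about the verdict path changed, only the flag the allocator is told to honour, so the same call site goes from one report per packet to none, while callers that may sleep lose nothing by keeping GFP_KERNEL.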
The direct, observable effect is the debug report itself, not an immediate crash: __might_resched() prints the warning, dumps the stack and taints the kernel, and execution continues. The real harm arises when the allocation actually blocks, for example under memory pressure, while the task is inside the RCU read-side critical section; that undermines the RCU guarantee the verdict path relies on and can end in a use-after-free or a hung socket path, so the realistic outcome is a denial of service on the affected host. Reachability is narrower than "any network traffic": only sockets that have been placed in a BPF sockmap or sockhash with an SK_SKB verdict program attached are processed by sk_psock_verdict_recv(), so hosts that do not use sockmap never enter this path. The issue is classed as CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization, a race condition) and mapped to ATT&CK T1499.004 (Endpoint Denial of Service: Application or System Exploitation).
The upstream fix gives alloc_sk_msg() a gfp_t parameter so that each caller states what its context permits: sk_psock_skb_ingress_self(), reached under rcu_read_lock(), passes GFP_ATOMIC, while callers that run in a sleepable context keep GFP_KERNEL. Administrators should move to a distribution kernel or stable tree that carries the fix; until then, exposure is confined to workloads that attach SK_SKB verdict programs through sockmap, which is where a temporary workaround would have to be applied. For detection, kernel logs should be watched for "BUG: sleeping function called from invalid context" lines; the accompanying "RCU nest depth" field and the backtrace frames (net/core/skmsg.c for this bug) distinguish this path from other sleep-in-atomic reports. Note that the report only appears on kernels built with CONFIG_DEBUG_ATOMIC_SLEEP; without it the allocation is still wrong but silent.
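The monitoring advice above, as an added example that is not part of this page or of any VulDB or kernel tooling: a small C scanner that splits a dmesg excerpt at each "BUG: sleeping function called from invalid context" marker, pulls out the RCU nest depth and task name, and flags reports whose backtrace goes through net/core/skmsg.c. The sample log is constructed for the example; its first report follows the syzbot trace quoted on this page, the second is a made-up, unrelated report that shows the skmsg filter does not fire on every sleep-in-atomic warning.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SLEEP_BUG_MARKER "BUG: sleeping function called from invalid context"

struct sleep_bug_hit {
    int rcu_nest_depth;   /* "RCU nest depth: N"; > 0 means inside rcu_read_lock() */
    char comm[32];        /* task name from "name: <comm>" */
    int in_skmsg;         /* 1 if a net/core/skmsg.c frame appears in the backtrace */
};

/* Parse one report, given as a NUL-terminated copy of the text from its
 * marker up to the next marker (or the end of the log). */
static void parse_report(const char *rep, struct sleep_bug_hit *hit)
{
    const char *p;

    memset(hit, 0, sizeof(*hit));
    hit->rcu_nest_depth = -1;                       /* -1: field absent */
    if ((p = strstr(rep, "RCU nest depth: ")) != NULL)
        sscanf(p, "RCU nest depth: %d", &hit->rcu_nest_depth);
    if ((p = strstr(rep, "name: ")) != NULL)        /* first "name:" is the task */
        sscanf(p, "name: %31s", hit->comm);
    hit->in_skmsg = strstr(rep, "net/core/skmsg.c") != NULL;
}

/* Split the log at each marker and parse every report. Returns the number of
 * reports found; at most max_hits of them are stored in hits[]. */
static int scan_log(const char *log, struct sleep_bug_hit *hits, int max_hits)
{
    int n = 0;
    const char *start = strstr(log, SLEEP_BUG_MARKER);

    while (start != NULL) {
        const char *next = strstr(start + strlen(SLEEP_BUG_MARKER), SLEEP_BUG_MARKER);
        size_t len = next ? (size_t)(next - start) : strlen(start);
        char *copy = malloc(len + 1);

        if (copy == NULL)
            break;
        memcpy(copy, start, len);
        copy[len] = '\0';
        if (n < max_hits)
            parse_report(copy, &hits[n]);
        n++;
        free(copy);
        start = next;
    }
    return n;
}

/* Reports that match this CVE's signature: skmsg frame and RCU nesting > 0. */
static int count_skmsg_rcu_hits(const char *log)
{
    struct sleep_bug_hit hits[16];
    int n = scan_log(log, hits, 16), i, count = 0;

    for (i = 0; i < n && i < 16; i++)
        if (hits[i].in_skmsg && hits[i].rcu_nest_depth > 0)
            count++;
    return count;
}

/* Constructed dmesg excerpt (not captured from a real system). */
static const char sample_log[] =
    "[  119.990] example: benign line that the scanner ignores\n"
    "[  120.001] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274\n"
    "[  120.001] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3613, name: syz-executor414\n"
    "[  120.001] preempt_count: 0, expected: 0\n"
    "[  120.001] RCU nest depth: 1, expected: 0\n"
    "[  120.001] Call Trace:\n"
    "[  120.001]  alloc_sk_msg net/core/skmsg.c:507 [inline]\n"
    "[  120.001]  sk_psock_skb_ingress_self+0x5c/0x330 net/core/skmsg.c:600\n"
    "[  120.001]  sk_psock_verdict_recv+0x34d/0x560 net/core/skmsg.c:1201\n"
    "[  131.500] BUG: sleeping function called from invalid context at example.c:1\n"
    "[  131.500] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 42, name: example-task\n"
    "[  131.500] preempt_count: 1, expected: 0\n"
    "[  131.500] RCU nest depth: 0, expected: 0\n"
    "[  131.500] Call Trace:\n"
    "[  131.500]  example_function+0x10/0x20 drivers/example/example.c:1\n";

int main(void)
{
    struct sleep_bug_hit hits[16];
    int n = scan_log(sample_log, hits, 16), i;

    for (i = 0; i < n && i < 16; i++)
        printf("report %d: comm=%s rcu_nest_depth=%d skmsg=%d\n",
               i, hits[i].comm, hits[i].rcu_nest_depth, hits[i].in_skmsg);
    printf("CVE-2022-50363 signature matches: %d\n", count_skmsg_rcu_hits(sample_log));
    return 0;
}
```

In practice the input would be the output of dmesg or the kernel journal; keying on the RCU nest depth in addition to the skmsg frame keeps the rule from matching the unrelated preempt-count reports that the same marker line introduces.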