CVE-2022-50430 in Linux
Summary
by MITRE • 10/01/2025
In the Linux kernel, the following vulnerability has been resolved:
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
vub300_enable_sdio_irq() works with mutex and need TASK_RUNNING here. Ensure that we mark current as TASK_RUNNING for sleepable context.
[ 77.554641] do not call blocking ops when !TASK_RUNNING; state=1 set at [<ffffffff92a72c1d>] sdio_irq_thread+0x17d/0x5b0
[ 77.554652] WARNING: CPU: 2 PID: 1983 at kernel/sched/core.c:9813 __might_sleep+0x116/0x160
[ 77.554905] CPU: 2 PID: 1983 Comm: ksdioirqd/mmc1 Tainted: G OE 6.1.0-rc5 #1
[ 77.554910] Hardware name: Intel(R) Client Systems NUC8i7BEH/NUC8BEB, BIOS BECFL357.86A.0081.2020.0504.1834 05/04/2020
[ 77.554912] RIP: 0010:__might_sleep+0x116/0x160
[ 77.554920] RSP: 0018:ffff888107b7fdb8 EFLAGS: 00010282
[ 77.554923] RAX: 0000000000000000 RBX: ffff888118c1b740 RCX: 0000000000000000
[ 77.554926] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffed1020f6ffa9
[ 77.554928] RBP: ffff888107b7fde0 R08: 0000000000000001 R09: ffffed1043ea60ba
[ 77.554930] R10: ffff88821f5305cb R11: ffffed1043ea60b9 R12: ffffffff93aa3a60
[ 77.554932] R13: 000000000000011b R14: 7fffffffffffffff R15: ffffffffc0558660
[ 77.554934] FS: 0000000000000000(0000) GS:ffff88821f500000(0000) knlGS:0000000000000000
[ 77.554937] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 77.554939] CR2: 00007f8a44010d68 CR3: 000000024421a003 CR4: 00000000003706e0
[ 77.554942] Call Trace:
[ 77.554944] <TASK>
[ 77.554952] mutex_lock+0x78/0xf0
[ 77.554973] vub300_enable_sdio_irq+0x103/0x3c0 [vub300]
[ 77.554981] sdio_irq_thread+0x25c/0x5b0
[ 77.555006] kthread+0x2b8/0x370
[ 77.555017] ret_from_fork+0x1f/0x30
[ 77.555023] </TASK>
[ 77.555025] ---[ end trace 0000000000000000 ]---
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 01/22/2026
The vulnerability identified as CVE-2022-50430 affects the Linux kernel's mmc subsystem, specifically within the vub300 driver implementation. This issue manifests as a warning condition that occurs when blocking operations are attempted while the current task is not in TASK_RUNNING state, which violates kernel scheduling and concurrency principles. The problem originates from the vub300_enable_sdio_irq() function that employs mutex locking mechanisms and requires proper task state management to operate correctly within sleepable contexts.
The technical flaw stems from improper task state handling within the kernel's SDIO interrupt thread execution environment. When the sdio_irq_thread function calls vub300_enable_sdio_irq(), it attempts to acquire a mutex lock while the task may not be in the appropriate state for blocking operations. The kernel's __might_sleep function detects this condition and triggers a warning because the current execution context does not permit sleeping operations. This violation occurs at kernel/sched/core.c line 9813 where the system enforces strict rules about when blocking operations can occur, particularly in contexts where the task state is not properly set to TASK_RUNNING.
The operational impact of this vulnerability extends beyond simple warning messages to potentially affect system stability and performance in embedded systems using vub300 SDIO controllers. The warning indicates that the kernel's concurrency management mechanisms are being bypassed or misused, which could lead to race conditions, deadlocks, or improper interrupt handling in devices that rely on SDIO communication protocols. This vulnerability affects systems running kernel versions that include the vub300 driver, particularly those using Intel NUC hardware platforms where the issue was originally observed.
Mitigation strategies for this vulnerability involve ensuring proper task state management within the vub300 driver's interrupt handling code. The fix requires explicitly marking the current task as TASK_RUNNING before attempting blocking operations within sleepable contexts. This approach aligns with the kernel's design principles and the ATT&CK framework's system hardening concepts, particularly those related to privilege escalation and operating system security. The solution involves modifying the vub300_enable_sdio_irq() function to properly manage task states before mutex operations, thereby preventing the kernel from triggering the __might_sleep warning. This vulnerability demonstrates the importance of adhering to kernel programming best practices and maintaining proper synchronization primitives within interrupt contexts, as outlined in CWE-362 related to concurrent execution using inappropriate synchronization mechanisms.