2425036 – (CVE-2022-50712) CVE-2022-50712 kernel: devlink: hold region lock when flushing snapshots

Bug 2425036 (CVE-2022-50712) - CVE-2022-50712 kernel: devlink: hold region lock when flushing snapshots

Summary: CVE-2022-50712 kernel: devlink: hold region lock when flushing snapshots

Keywords:
Status:	NEW
Alias:	CVE-2022-50712
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-24 13:03 UTC by OSIDB Bzimport
Modified:	2025-12-25 07:13 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-24 13:03:42 UTC

In the Linux kernel, the following vulnerability has been resolved:

devlink: hold region lock when flushing snapshots

Netdevsim triggers a splat on reload, when it destroys regions
with snapshots pending:

  WARNING: CPU: 1 PID: 787 at net/core/devlink.c:6291 devlink_region_snapshot_del+0x12e/0x140
  CPU: 1 PID: 787 Comm: devlink Not tainted 6.1.0-07460-g7ae9888d6e1c #580
  RIP: 0010:devlink_region_snapshot_del+0x12e/0x140
  Call Trace:
   <TASK>
   devl_region_destroy+0x70/0x140
   nsim_dev_reload_down+0x2f/0x60 [netdevsim]
   devlink_reload+0x1f7/0x360
   devlink_nl_cmd_reload+0x6ce/0x860
   genl_family_rcv_msg_doit.isra.0+0x145/0x1c0

This is the locking assert in devlink_region_snapshot_del(),
we're supposed to be holding the region->snapshot_lock here.

Comment 1 Alexander B 2025-12-25 07:10:05 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122412-CVE-2022-50712-6c0d@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.