DEBIAN-CVE-2022-50676

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2022-50676

Published: 09 Dec 2025, 16:17

Last modified:28 Apr 2026, 20:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

09 Dec 2025, 16:17

Published

Vulnerability first disclosed

28 Apr 2026, 20:25

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() syzbot is reporting lockdep warning at rds_tcp_reset_callbacks() [1], for commit ac3615e7f3cffe2a ("RDS: TCP: Reduce code duplication in rds_tcp_reset_callbacks()") added cancel_delayed_work_sync() into a section protected by lock_sock() without realizing that rds_send_xmit() might call lock_sock(). We don't need to protect cancel_delayed_work_sync() using lock_sock(), for even if rds_{send,recv}_worker() re-queued this work while __flush_work() from cancel_delayed_work_sync() was waiting for this work to complete, retried rds_{send,recv}_worker() is no-op due to the absence of RDS_CONN_UP bit.

Affected Systems

debian•linux
< 5.10.158-1 | < 6.0.3-1 | < 6.0.3-1 | < 6.0.3-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2022-50676