CVE-2022-50028

Опубликовано: 18 июн. 2025

Источник: redhat

CVSS3: 5.3

Описание

In the Linux kernel, the following vulnerability has been resolved: gadgetfs: ep_io - wait until IRQ finishes after usb_ep_queue() if wait_for_completion_interruptible() is interrupted we need to wait until IRQ gets finished. Otherwise complete() from epio_complete() can corrupt stack.

A flaw was found in the gadgetfs module in the Linux kernel. If the wait_for_completion_interruptible() function is interrupted, the driver does not wait for the interrupt to finish, causing stack corruption and resulting in a denial of service.

Отчет

This issue has been fixed in Red Hat Enterprise Linux 9.2 via RHSA-2023:2458 [1]. [1]. https://access.redhat.com/errata/RHSA-2023:2458

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 10	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2023:2458	09.05.2023
Red Hat Enterprise Linux 9	kernel	Fixed	RHSA-2023:2458	09.05.2023