{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50008","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-06-18T10:57:27.388Z","datePublished":"2025-06-18T11:01:13.331Z","dateUpdated":"2026-05-11T19:10:56.412Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:10:56.412Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: don't call disarm_kprobe() for disabled kprobes\n\nThe assumption in __disable_kprobe() is wrong, and it could try to disarm\nan already disarmed kprobe and fire the WARN_ONCE() below. [0]  We can\neasily reproduce this issue.\n\n1. Write 0 to /sys/kernel/debug/kprobes/enabled.\n\n  # echo 0 > /sys/kernel/debug/kprobes/enabled\n\n2. Run execsnoop.  At this time, one kprobe is disabled.\n\n  # /usr/share/bcc/tools/execsnoop &\n  [1] 2460\n  PCOMM            PID    PPID   RET ARGS\n\n  # cat /sys/kernel/debug/kprobes/list\n  ffffffff91345650  r  __x64_sys_execve+0x0    [FTRACE]\n  ffffffff91345650  k  __x64_sys_execve+0x0    [DISABLED][FTRACE]\n\n3. Write 1 to /sys/kernel/debug/kprobes/enabled, which changes\n   kprobes_all_disarmed to false but does not arm the disabled kprobe.\n\n  # echo 1 > /sys/kernel/debug/kprobes/enabled\n\n  # cat /sys/kernel/debug/kprobes/list\n  ffffffff91345650  r  __x64_sys_execve+0x0    [FTRACE]\n  ffffffff91345650  k  __x64_sys_execve+0x0    [DISABLED][FTRACE]\n\n4. Kill execsnoop, when __disable_kprobe() calls disarm_kprobe() for the\n   disabled kprobe and hits the WARN_ONCE() in __disarm_kprobe_ftrace().\n\n  # fg\n  /usr/share/bcc/tools/execsnoop\n  ^C\n\nActually, WARN_ONCE() is fired twice, and __unregister_kprobe_top() misses\nsome cleanups and leaves the aggregated kprobe in the hash table.  Then,\n__unregister_trace_kprobe() initialises tk->rp.kp.list and creates an\ninfinite loop like this.\n\n  aggregated kprobe.list -> kprobe.list -.\n                                     ^    |\n                                     '.__.'\n\nIn this situation, these commands fall into the infinite loop and result\nin RCU stall or soft lockup.\n\n  cat /sys/kernel/debug/kprobes/list : show_kprobe_addr() enters into the\n                                       infinite loop with RCU.\n\n  /usr/share/bcc/tools/execsnoop : warn_kprobe_rereg() holds kprobe_mutex,\n                                   and __get_valid_kprobe() is stuck in\n\t\t\t\t   the loop.\n\nTo avoid the issue, make sure we don't call disarm_kprobe() for disabled\nkprobes.\n\n[0]\nFailed to disarm kprobe-ftrace at __x64_sys_execve+0x0/0x40 (error -2)\nWARNING: CPU: 6 PID: 2460 at kernel/kprobes.c:1130 __disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129)\nModules linked in: ena\nCPU: 6 PID: 2460 Comm: execsnoop Not tainted 5.19.0+ #28\nHardware name: Amazon EC2 c5.2xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:__disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129)\nCode: 24 8b 02 eb c1 80 3d c4 83 f2 01 00 75 d4 48 8b 75 00 89 c2 48 c7 c7 90 fa 0f 92 89 04 24 c6 05 ab 83 01 e8 e4 94 f0 ff <0f> 0b 8b 04 24 eb b1 89 c6 48 c7 c7 60 fa 0f 92 89 04 24 e8 cc 94\nRSP: 0018:ffff9e6ec154bd98 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff930f7b00 RCX: 0000000000000001\nRDX: 0000000080000001 RSI: ffffffff921461c5 RDI: 00000000ffffffff\nRBP: ffff89c504286da8 R08: 0000000000000000 R09: c0000000fffeffff\nR10: 0000000000000000 R11: ffff9e6ec154bc28 R12: ffff89c502394e40\nR13: ffff89c502394c00 R14: ffff9e6ec154bc00 R15: 0000000000000000\nFS:  00007fe800398740(0000) GS:ffff89c812d80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000c00057f010 CR3: 0000000103b54006 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n<TASK>\n __disable_kprobe (kernel/kprobes.c:1716)\n disable_kprobe (kernel/kprobes.c:2392)\n __disable_trace_kprobe (kernel/trace/trace_kprobe.c:340)\n disable_trace_kprobe (kernel/trace/trace_kprobe.c:429)\n perf_trace_event_unreg.isra.2 (./include/linux/tracepoint.h:93 kernel/trace/trace_event_perf.c:168)\n perf_kprobe_destroy (kernel/trace/trace_event_perf.c:295)\n _free_event (kernel/events/core.c:4971)\n perf_event_release_kernel (kernel/events/core.c:5176)\n perf_release (kernel/events/core.c:5186)\n __fput (fs/file_table.c:321)\n task_work_run (./include/linux/\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/kprobes.c"],"versions":[{"version":"69d54b916d83872a0a327778a01af2a096923f59","lessThan":"19cd630712e7c13a3dedfc6986a9b983fed6fd98","status":"affected","versionType":"git"},{"version":"69d54b916d83872a0a327778a01af2a096923f59","lessThan":"6f3c1bc22fc2165461883f506b4d2c3594bd7137","status":"affected","versionType":"git"},{"version":"69d54b916d83872a0a327778a01af2a096923f59","lessThan":"fc91d2db55acdaf0c0075b624e572d3520ca3bc3","status":"affected","versionType":"git"},{"version":"69d54b916d83872a0a327778a01af2a096923f59","lessThan":"b474ff1b20951f1eac75d100a93861e6da2b522b","status":"affected","versionType":"git"},{"version":"69d54b916d83872a0a327778a01af2a096923f59","lessThan":"744b0d3080709a172f0408aedabd1cedd24c2ee6","status":"affected","versionType":"git"},{"version":"69d54b916d83872a0a327778a01af2a096923f59","lessThan":"55c7a91527343d2e0b5647cc308c6e04ddd2aa52","status":"affected","versionType":"git"},{"version":"69d54b916d83872a0a327778a01af2a096923f59","lessThan":"bc3188d8a3b8c08c306a4c851ddb2c92ba4599ca","status":"affected","versionType":"git"},{"version":"69d54b916d83872a0a327778a01af2a096923f59","lessThan":"9c80e79906b4ca440d09e7f116609262bb747909","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/kprobes.c"],"versions":[{"version":"4.0","status":"affected"},{"version":"0","lessThan":"4.0","status":"unaffected","versionType":"semver"},{"version":"4.9.327","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.292","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.257","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.212","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.141","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.65","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.6","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.9.327"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.14.292"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.19.257"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"5.4.212"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"5.10.141"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"5.15.65"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"5.19.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"6.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/19cd630712e7c13a3dedfc6986a9b983fed6fd98"},{"url":"https://git.kernel.org/stable/c/6f3c1bc22fc2165461883f506b4d2c3594bd7137"},{"url":"https://git.kernel.org/stable/c/fc91d2db55acdaf0c0075b624e572d3520ca3bc3"},{"url":"https://git.kernel.org/stable/c/b474ff1b20951f1eac75d100a93861e6da2b522b"},{"url":"https://git.kernel.org/stable/c/744b0d3080709a172f0408aedabd1cedd24c2ee6"},{"url":"https://git.kernel.org/stable/c/55c7a91527343d2e0b5647cc308c6e04ddd2aa52"},{"url":"https://git.kernel.org/stable/c/bc3188d8a3b8c08c306a4c851ddb2c92ba4599ca"},{"url":"https://git.kernel.org/stable/c/9c80e79906b4ca440d09e7f116609262bb747909"}],"title":"kprobes: don't call disarm_kprobe() for disabled kprobes","x_generator":{"engine":"bippy-1.2.0"}}}}