{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50174","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-06-18T10:57:27.427Z","datePublished":"2025-06-18T11:03:25.675Z","dateUpdated":"2026-05-11T19:14:14.751Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:14:14.751Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hinic: avoid kernel hung in hinic_get_stats64()\n\nWhen using hinic device as a bond slave device, and reading device stats\nof master bond device, the kernel may hung.\n\nThe kernel panic calltrace as follows:\nKernel panic - not syncing: softlockup: hung tasks\nCall trace:\n  native_queued_spin_lock_slowpath+0x1ec/0x31c\n  dev_get_stats+0x60/0xcc\n  dev_seq_printf_stats+0x40/0x120\n  dev_seq_show+0x1c/0x40\n  seq_read_iter+0x3c8/0x4dc\n  seq_read+0xe0/0x130\n  proc_reg_read+0xa8/0xe0\n  vfs_read+0xb0/0x1d4\n  ksys_read+0x70/0xfc\n  __arm64_sys_read+0x20/0x30\n  el0_svc_common+0x88/0x234\n  do_el0_svc+0x2c/0x90\n  el0_svc+0x1c/0x30\n  el0_sync_handler+0xa8/0xb0\n  el0_sync+0x148/0x180\n\nAnd the calltrace of task that actually caused kernel hungs as follows:\n  __switch_to+124\n  __schedule+548\n  schedule+72\n  schedule_timeout+348\n  __down_common+188\n  __down+24\n  down+104\n  hinic_get_stats64+44 [hinic]\n  dev_get_stats+92\n  bond_get_stats+172 [bonding]\n  dev_get_stats+92\n  dev_seq_printf_stats+60\n  dev_seq_show+24\n  seq_read_iter+964\n  seq_read+220\n  proc_reg_read+164\n  vfs_read+172\n  ksys_read+108\n  __arm64_sys_read+28\n  el0_svc_common+132\n  do_el0_svc+40\n  el0_svc+24\n  el0_sync_handler+164\n  el0_sync+324\n\nWhen getting device stats from bond, kernel will call bond_get_stats().\nIt first holds the spinlock bond->stats_lock, and then call\nhinic_get_stats64() to collect hinic device's stats.\nHowever, hinic_get_stats64() calls `down(&nic_dev->mgmt_lock)` to\nprotect its critical section, which may schedule current task out.\nAnd if system is under high pressure, the task cannot be woken up\nimmediately, which eventually triggers kernel hung panic.\n\nSince previous patch has replaced hinic_dev.tx_stats/rx_stats with local\nvariable in hinic_get_stats64(), there is nothing need to be protected\nby lock, so just removing down()/up() is ok."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/huawei/hinic/hinic_main.c"],"versions":[{"version":"edd384f682cc2981420628b769a1929db680f02f","lessThan":"e74f3097a9c713ce855cda07713393bcc23a005d","status":"affected","versionType":"git"},{"version":"edd384f682cc2981420628b769a1929db680f02f","lessThan":"693f31dc91568e61047fd2980a8235e856cd9ce8","status":"affected","versionType":"git"},{"version":"edd384f682cc2981420628b769a1929db680f02f","lessThan":"fced5bce712122654ec8a20356342698cce104d2","status":"affected","versionType":"git"},{"version":"edd384f682cc2981420628b769a1929db680f02f","lessThan":"3ba59bbe4f306bb6ee15753db0a40564c0eb7909","status":"affected","versionType":"git"},{"version":"edd384f682cc2981420628b769a1929db680f02f","lessThan":"98f9fcdee35add80505b6c73f72de5f750d5c03c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/huawei/hinic/hinic_main.c"],"versions":[{"version":"4.14","status":"affected"},{"version":"0","lessThan":"4.14","status":"unaffected","versionType":"semver"},{"version":"5.10.137","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.61","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.18.18","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19.2","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.10.137"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.15.61"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.18.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.19.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"6.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e74f3097a9c713ce855cda07713393bcc23a005d"},{"url":"https://git.kernel.org/stable/c/693f31dc91568e61047fd2980a8235e856cd9ce8"},{"url":"https://git.kernel.org/stable/c/fced5bce712122654ec8a20356342698cce104d2"},{"url":"https://git.kernel.org/stable/c/3ba59bbe4f306bb6ee15753db0a40564c0eb7909"},{"url":"https://git.kernel.org/stable/c/98f9fcdee35add80505b6c73f72de5f750d5c03c"}],"title":"net: hinic: avoid kernel hung in hinic_get_stats64()","x_generator":{"engine":"bippy-1.2.0"}}}}