{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50193","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-06-18T10:57:27.428Z","datePublished":"2025-06-18T11:03:38.262Z","dateUpdated":"2026-05-11T19:14:35.492Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:14:35.492Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: wake up all waiters after z_erofs_lzma_head ready\n\nWhen the user mounts the erofs second times, the decompression thread\nmay hung. The problem happens due to a sequence of steps like the\nfollowing:\n\n1) Task A called z_erofs_load_lzma_config which obtain all of the node\n   from the z_erofs_lzma_head.\n\n2) At this time, task B called the z_erofs_lzma_decompress and wanted to\n   get a node. But the z_erofs_lzma_head was empty, the Task B had to\n   sleep.\n\n3) Task A release nodes and push nodes into the z_erofs_lzma_head. But\n   task B was still sleeping.\n\nOne example report when the hung happens:\ntask:kworker/u3:1 state:D stack:14384 pid: 86 ppid: 2 flags:0x00004000\nWorkqueue: erofs_unzipd z_erofs_decompressqueue_work\nCall Trace:\n <TASK>\n __schedule+0x281/0x760\n schedule+0x49/0xb0\n z_erofs_lzma_decompress+0x4bc/0x580\n ? cpu_core_flags+0x10/0x10\n z_erofs_decompress_pcluster+0x49b/0xba0\n ? __update_load_avg_se+0x2b0/0x330\n ? __update_load_avg_se+0x2b0/0x330\n ? update_load_avg+0x5f/0x690\n ? update_load_avg+0x5f/0x690\n ? set_next_entity+0xbd/0x110\n ? _raw_spin_unlock+0xd/0x20\n z_erofs_decompress_queue.isra.0+0x2e/0x50\n z_erofs_decompressqueue_work+0x30/0x60\n process_one_work+0x1d3/0x3a0\n worker_thread+0x45/0x3a0\n ? process_one_work+0x3a0/0x3a0\n kthread+0xe2/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n </TASK>"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/erofs/decompressor_lzma.c"],"versions":[{"version":"622ceaddb7649ca328832f50ba1400af778d75fa","lessThan":"2478e36ec437a27f8a05bea9e4269a68c554e21f","status":"affected","versionType":"git"},{"version":"622ceaddb7649ca328832f50ba1400af778d75fa","lessThan":"96aa2a6a89618d850ef082e4268007e840c28769","status":"affected","versionType":"git"},{"version":"622ceaddb7649ca328832f50ba1400af778d75fa","lessThan":"2df7c4bd7c1d2bc5ece5e9ed19dbd386810c2a65","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/erofs/decompressor_lzma.c"],"versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","status":"unaffected","versionType":"semver"},{"version":"5.18.18","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19.2","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.18.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.19.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2478e36ec437a27f8a05bea9e4269a68c554e21f"},{"url":"https://git.kernel.org/stable/c/96aa2a6a89618d850ef082e4268007e840c28769"},{"url":"https://git.kernel.org/stable/c/2df7c4bd7c1d2bc5ece5e9ed19dbd386810c2a65"}],"title":"erofs: wake up all waiters after z_erofs_lzma_head ready","x_generator":{"engine":"bippy-1.2.0"}}}}