{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50426","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:53:07.004Z","datePublished":"2025-10-01T11:42:05.613Z","dateUpdated":"2026-05-11T19:19:15.999Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:19:15.999Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_dsp_rproc: Add mutex protection for workqueue\n\nThe workqueue may execute late even after remoteproc is stopped or\nstopping, some resources (rpmsg device and endpoint) have been\nreleased in rproc_stop_subdevices(), then rproc_vq_interrupt()\naccessing these resources will cause kennel dump.\n\nCall trace:\n virtqueue_add_split+0x1ac/0x560\n virtqueue_add_inbuf+0x4c/0x60\n rpmsg_recv_done+0x15c/0x294\n vring_interrupt+0x6c/0xa4\n rproc_vq_interrupt+0x30/0x50\n imx_dsp_rproc_vq_work+0x24/0x40 [imx_dsp_rproc]\n process_one_work+0x1d0/0x354\n worker_thread+0x13c/0x470\n kthread+0x154/0x160\n ret_from_fork+0x10/0x20\n\nAdd mutex protection in imx_dsp_rproc_vq_work(), if the state is\nnot running, then just skip calling rproc_vq_interrupt().\n\nAlso the flush workqueue operation can't be added in rproc stop\nfor the same reason. The call sequence is\n\nrproc_shutdown\n-> rproc_stop\n   ->rproc_stop_subdevices\n   ->rproc->ops->stop()\n     ->imx_dsp_rproc_stop\n       ->flush_work\n         -> rproc_vq_interrupt\n\nThe resource needed by rproc_vq_interrupt has been released in\nrproc_stop_subdevices, so flush_work is not safe to be called in\nimx_dsp_rproc_stop."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/remoteproc/imx_dsp_rproc.c"],"versions":[{"version":"ec0e5549f3586d2cb99a05edd006d722ebad912c","lessThan":"4a3e1fa7a77838617bdbcd95127ce93a959fad44","status":"affected","versionType":"git"},{"version":"ec0e5549f3586d2cb99a05edd006d722ebad912c","lessThan":"b9693304b7133b81741add5bfb56f022596df012","status":"affected","versionType":"git"},{"version":"ec0e5549f3586d2cb99a05edd006d722ebad912c","lessThan":"47e6ab07018edebf94ce873cf50a05ec76ff2dde","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/remoteproc/imx_dsp_rproc.c"],"versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","status":"unaffected","versionType":"semver"},{"version":"6.0.18","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1.4","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.0.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4a3e1fa7a77838617bdbcd95127ce93a959fad44"},{"url":"https://git.kernel.org/stable/c/b9693304b7133b81741add5bfb56f022596df012"},{"url":"https://git.kernel.org/stable/c/47e6ab07018edebf94ce873cf50a05ec76ff2dde"}],"title":"remoteproc: imx_dsp_rproc: Add mutex protection for workqueue","x_generator":{"engine":"bippy-1.2.0"}}}}