{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50441","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:53:07.010Z","datePublished":"2025-10-01T11:42:17.313Z","dateUpdated":"2026-05-11T19:19:33.378Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:19:33.378Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Lag, fix failure to cancel delayed bond work\n\nCommit 0d4e8ed139d8 (\"net/mlx5: Lag, avoid lockdep warnings\")\naccidentally removed a call to cancel delayed bond work thus it may\ncause queued delay to expire and fall on an already destroyed work\nqueue.\n\nFix by restoring the call cancel_delayed_work_sync() before\ndestroying the workqueue.\n\nThis prevents call trace such as this:\n\n[  329.230417] BUG: kernel NULL pointer dereference, address: 0000000000000000\n [  329.231444] #PF: supervisor write access in kernel mode\n [  329.232233] #PF: error_code(0x0002) - not-present page\n [  329.233007] PGD 0 P4D 0\n [  329.233476] Oops: 0002 [#1] SMP\n [  329.234012] CPU: 5 PID: 145 Comm: kworker/u20:4 Tainted: G OE      6.0.0-rc5_mlnx #1\n [  329.235282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n [  329.236868] Workqueue: mlx5_cmd_0000:08:00.1 cmd_work_handler [mlx5_core]\n [  329.237886] RIP: 0010:_raw_spin_lock+0xc/0x20\n [  329.238585] Code: f0 0f b1 17 75 02 f3 c3 89 c6 e9 6f 3c 5f ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 17 75 02 f3 c3 89 c6 e9 45 3c 5f ff 0f 1f 44 00 00 0f 1f\n [  329.241156] RSP: 0018:ffffc900001b0e98 EFLAGS: 00010046\n [  329.241940] RAX: 0000000000000000 RBX: ffffffff82374ae0 RCX: 0000000000000000\n [  329.242954] RDX: 0000000000000001 RSI: 0000000000000014 RDI: 0000000000000000\n [  329.243974] RBP: ffff888106ccf000 R08: ffff8881004000c8 R09: ffff888100400000\n [  329.244990] R10: 0000000000000000 R11: ffffffff826669f8 R12: 0000000000002000\n [  329.246009] R13: 0000000000000005 R14: ffff888100aa7ce0 R15: ffff88852ca80000\n [  329.247030] FS:  0000000000000000(0000) GS:ffff88852ca80000(0000) knlGS:0000000000000000\n [  329.248260] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [  329.249111] CR2: 0000000000000000 CR3: 000000016d675001 CR4: 0000000000770ee0\n [  329.250133] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [  329.251152] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [  329.252176] PKRU: 55555554"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c"],"versions":[{"version":"ff24a802204620214afa75a5e64280f40015e399","lessThan":"5df57bb04e91add52fb67e226209df9a17f06a89","status":"affected","versionType":"git"},{"version":"0d4e8ed139d871fcb2844dd71075997753baeec8","lessThan":"8f1b8b3133504bf9125ee507ddcc3a8fb41a41f0","status":"affected","versionType":"git"},{"version":"0d4e8ed139d871fcb2844dd71075997753baeec8","lessThan":"4d1c1379d71777ddeda3e54f8fc26e9ecbfd1009","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c"],"versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","status":"unaffected","versionType":"semver"},{"version":"6.0.19","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1.5","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.13","versionEndExcluding":"6.0.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5df57bb04e91add52fb67e226209df9a17f06a89"},{"url":"https://git.kernel.org/stable/c/8f1b8b3133504bf9125ee507ddcc3a8fb41a41f0"},{"url":"https://git.kernel.org/stable/c/4d1c1379d71777ddeda3e54f8fc26e9ecbfd1009"}],"title":"net/mlx5: Lag, fix failure to cancel delayed bond work","x_generator":{"engine":"bippy-1.2.0"}}}}