{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50648","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-08T23:57:43.371Z","datePublished":"2025-12-09T00:00:22.410Z","dateUpdated":"2026-05-11T19:22:54.742Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:22:54.742Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller\n\nNaveen reported recursive locking of direct_mutex with sample\nftrace-direct-modify.ko:\n\n[   74.762406] WARNING: possible recursive locking detected\n[   74.762887] 6.0.0-rc6+ #33 Not tainted\n[   74.763216] --------------------------------------------\n[   74.763672] event-sample-fn/1084 is trying to acquire lock:\n[   74.764152] ffffffff86c9d6b0 (direct_mutex){+.+.}-{3:3}, at: \\\n    register_ftrace_function+0x1f/0x180\n[   74.764922]\n[   74.764922] but task is already holding lock:\n[   74.765421] ffffffff86c9d6b0 (direct_mutex){+.+.}-{3:3}, at: \\\n    modify_ftrace_direct+0x34/0x1f0\n[   74.766142]\n[   74.766142] other info that might help us debug this:\n[   74.766701]  Possible unsafe locking scenario:\n[   74.766701]\n[   74.767216]        CPU0\n[   74.767437]        ----\n[   74.767656]   lock(direct_mutex);\n[   74.767952]   lock(direct_mutex);\n[   74.768245]\n[   74.768245]  *** DEADLOCK ***\n[   74.768245]\n[   74.768750]  May be due to missing lock nesting notation\n[   74.768750]\n[   74.769332] 1 lock held by event-sample-fn/1084:\n[   74.769731]  #0: ffffffff86c9d6b0 (direct_mutex){+.+.}-{3:3}, at: \\\n    modify_ftrace_direct+0x34/0x1f0\n[   74.770496]\n[   74.770496] stack backtrace:\n[   74.770884] CPU: 4 PID: 1084 Comm: event-sample-fn Not tainted ...\n[   74.771498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n[   74.772474] Call Trace:\n[   74.772696]  <TASK>\n[   74.772896]  dump_stack_lvl+0x44/0x5b\n[   74.773223]  __lock_acquire.cold.74+0xac/0x2b7\n[   74.773616]  lock_acquire+0xd2/0x310\n[   74.773936]  ? register_ftrace_function+0x1f/0x180\n[   74.774357]  ? lock_is_held_type+0xd8/0x130\n[   74.774744]  ? my_tramp2+0x11/0x11 [ftrace_direct_modify]\n[   74.775213]  __mutex_lock+0x99/0x1010\n[   74.775536]  ? register_ftrace_function+0x1f/0x180\n[   74.775954]  ? slab_free_freelist_hook.isra.43+0x115/0x160\n[   74.776424]  ? ftrace_set_hash+0x195/0x220\n[   74.776779]  ? register_ftrace_function+0x1f/0x180\n[   74.777194]  ? kfree+0x3e1/0x440\n[   74.777482]  ? my_tramp2+0x11/0x11 [ftrace_direct_modify]\n[   74.777941]  ? __schedule+0xb40/0xb40\n[   74.778258]  ? register_ftrace_function+0x1f/0x180\n[   74.778672]  ? my_tramp1+0xf/0xf [ftrace_direct_modify]\n[   74.779128]  register_ftrace_function+0x1f/0x180\n[   74.779527]  ? ftrace_set_filter_ip+0x33/0x70\n[   74.779910]  ? __schedule+0xb40/0xb40\n[   74.780231]  ? my_tramp1+0xf/0xf [ftrace_direct_modify]\n[   74.780678]  ? my_tramp2+0x11/0x11 [ftrace_direct_modify]\n[   74.781147]  ftrace_modify_direct_caller+0x5b/0x90\n[   74.781563]  ? 0xffffffffa0201000\n[   74.781859]  ? my_tramp1+0xf/0xf [ftrace_direct_modify]\n[   74.782309]  modify_ftrace_direct+0x1b2/0x1f0\n[   74.782690]  ? __schedule+0xb40/0xb40\n[   74.783014]  ? simple_thread+0x2a/0xb0 [ftrace_direct_modify]\n[   74.783508]  ? __schedule+0xb40/0xb40\n[   74.783832]  ? my_tramp2+0x11/0x11 [ftrace_direct_modify]\n[   74.784294]  simple_thread+0x76/0xb0 [ftrace_direct_modify]\n[   74.784766]  kthread+0xf5/0x120\n[   74.785052]  ? kthread_complete_and_exit+0x20/0x20\n[   74.785464]  ret_from_fork+0x22/0x30\n[   74.785781]  </TASK>\n\nFix this by using register_ftrace_function_nolock in\nftrace_modify_direct_caller."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/ftrace.c"],"versions":[{"version":"53cd885bc5c3ea283cc9c00ca6446c778f00bfba","lessThan":"2482eacb685b6500e158268befbe6c90de5f166a","status":"affected","versionType":"git"},{"version":"53cd885bc5c3ea283cc9c00ca6446c778f00bfba","lessThan":"9d2ce78ddcee159eb6a97449e9c68b6d60b9cec4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/ftrace.c"],"versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","status":"unaffected","versionType":"semver"},{"version":"6.0.3","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.0.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2482eacb685b6500e158268befbe6c90de5f166a"},{"url":"https://git.kernel.org/stable/c/9d2ce78ddcee159eb6a97449e9c68b6d60b9cec4"}],"title":"ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller","x_generator":{"engine":"bippy-1.2.0"}}}}