{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2022-50193", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-06-18T10:57:27.428Z", "datePublished": "2025-06-18T11:03:38.262Z", "dateUpdated": "2026-05-11T19:14:35.492Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:14:35.492Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: wake up all waiters after z_erofs_lzma_head ready\n\nWhen the user mounts the erofs second times, the decompression thread\nmay hung. The problem happens due to a sequence of steps like the\nfollowing:\n\n1) Task A called z_erofs_load_lzma_config which obtain all of the node\n from the z_erofs_lzma_head.\n\n2) At this time, task B called the z_erofs_lzma_decompress and wanted to\n get a node. But the z_erofs_lzma_head was empty, the Task B had to\n sleep.\n\n3) Task A release nodes and push nodes into the z_erofs_lzma_head. But\n task B was still sleeping.\n\nOne example report when the hung happens:\ntask:kworker/u3:1 state:D stack:14384 pid: 86 ppid: 2 flags:0x00004000\nWorkqueue: erofs_unzipd z_erofs_decompressqueue_work\nCall Trace:\n \n __schedule+0x281/0x760\n schedule+0x49/0xb0\n z_erofs_lzma_decompress+0x4bc/0x580\n ? cpu_core_flags+0x10/0x10\n z_erofs_decompress_pcluster+0x49b/0xba0\n ? __update_load_avg_se+0x2b0/0x330\n ? __update_load_avg_se+0x2b0/0x330\n ? update_load_avg+0x5f/0x690\n ? update_load_avg+0x5f/0x690\n ? set_next_entity+0xbd/0x110\n ? _raw_spin_unlock+0xd/0x20\n z_erofs_decompress_queue.isra.0+0x2e/0x50\n z_erofs_decompressqueue_work+0x30/0x60\n process_one_work+0x1d3/0x3a0\n worker_thread+0x45/0x3a0\n ? process_one_work+0x3a0/0x3a0\n kthread+0xe2/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n " } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/erofs/decompressor_lzma.c" ], "versions": [ { "version": "622ceaddb7649ca328832f50ba1400af778d75fa", "lessThan": "2478e36ec437a27f8a05bea9e4269a68c554e21f", "status": "affected", "versionType": "git" }, { "version": "622ceaddb7649ca328832f50ba1400af778d75fa", "lessThan": "96aa2a6a89618d850ef082e4268007e840c28769", "status": "affected", "versionType": "git" }, { "version": "622ceaddb7649ca328832f50ba1400af778d75fa", "lessThan": "2df7c4bd7c1d2bc5ece5e9ed19dbd386810c2a65", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/erofs/decompressor_lzma.c" ], "versions": [ { "version": "5.16", "status": "affected" }, { "version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver" }, { "version": "5.18.18", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.19.2", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "5.18.18" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "5.19.2" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.0" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/2478e36ec437a27f8a05bea9e4269a68c554e21f" }, { "url": "https://git.kernel.org/stable/c/96aa2a6a89618d850ef082e4268007e840c28769" }, { "url": "https://git.kernel.org/stable/c/2df7c4bd7c1d2bc5ece5e9ed19dbd386810c2a65" } ], "title": "erofs: wake up all waiters after z_erofs_lzma_head ready", "x_generator": { "engine": "bippy-1.2.0" } } } }