FKIE_CVE-2022-50699
Vulnerability from fkie_nvd - Published: 2025-12-24 11:15 - Updated: 2025-12-29 15:58
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
The following warning was triggered on a hardware environment:
SELinux: Converting 162 SID table entries...
BUG: sleeping function called from invalid context at
__might_sleep+0x60/0x74 0x0
in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 5943, name: tar
CPU: 7 PID: 5943 Comm: tar Tainted: P O 5.10.0 #1
Call trace:
dump_backtrace+0x0/0x1c8
show_stack+0x18/0x28
dump_stack+0xe8/0x15c
___might_sleep+0x168/0x17c
__might_sleep+0x60/0x74
__kmalloc_track_caller+0xa0/0x7dc
kstrdup+0x54/0xac
convert_context+0x48/0x2e4
sidtab_context_to_sid+0x1c4/0x36c
security_context_to_sid_core+0x168/0x238
security_context_to_sid_default+0x14/0x24
inode_doinit_use_xattr+0x164/0x1e4
inode_doinit_with_dentry+0x1c0/0x488
selinux_d_instantiate+0x20/0x34
security_d_instantiate+0x70/0xbc
d_splice_alias+0x4c/0x3c0
ext4_lookup+0x1d8/0x200 [ext4]
__lookup_slow+0x12c/0x1e4
walk_component+0x100/0x200
path_lookupat+0x88/0x118
filename_lookup+0x98/0x130
user_path_at_empty+0x48/0x60
vfs_statx+0x84/0x140
vfs_fstatat+0x20/0x30
__se_sys_newfstatat+0x30/0x74
__arm64_sys_newfstatat+0x1c/0x2c
el0_svc_common.constprop.0+0x100/0x184
do_el0_svc+0x1c/0x2c
el0_svc+0x20/0x34
el0_sync_handler+0x80/0x17c
el0_sync+0x13c/0x140
SELinux: Context system_u:object_r:pssp_rsyslog_log_t:s0:c0 is
not valid (left unmapped).
It was found that within a critical section of spin_lock_irqsave in
sidtab_context_to_sid(), convert_context() (hooked by
sidtab_convert_params.func) might cause the process to sleep via
allocating memory with GFP_KERNEL, which is problematic.
As Ondrej pointed out [1], convert_context()/sidtab_convert_params.func
has another caller sidtab_convert_tree(), which is okay with GFP_KERNEL.
Therefore, fix this problem by adding a gfp_t argument for
convert_context()/sidtab_convert_params.func and pass GFP_KERNEL/_ATOMIC
properly in individual callers.
[PM: wrap long BUG() output lines, tweak subject line]
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()\n\nThe following warning was triggered on a hardware environment:\n\n SELinux: Converting 162 SID table entries...\n BUG: sleeping function called from invalid context at\n __might_sleep+0x60/0x74 0x0\n in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 5943, name: tar\n CPU: 7 PID: 5943 Comm: tar Tainted: P O 5.10.0 #1\n Call trace:\n dump_backtrace+0x0/0x1c8\n show_stack+0x18/0x28\n dump_stack+0xe8/0x15c\n ___might_sleep+0x168/0x17c\n __might_sleep+0x60/0x74\n __kmalloc_track_caller+0xa0/0x7dc\n kstrdup+0x54/0xac\n convert_context+0x48/0x2e4\n sidtab_context_to_sid+0x1c4/0x36c\n security_context_to_sid_core+0x168/0x238\n security_context_to_sid_default+0x14/0x24\n inode_doinit_use_xattr+0x164/0x1e4\n inode_doinit_with_dentry+0x1c0/0x488\n selinux_d_instantiate+0x20/0x34\n security_d_instantiate+0x70/0xbc\n d_splice_alias+0x4c/0x3c0\n ext4_lookup+0x1d8/0x200 [ext4]\n __lookup_slow+0x12c/0x1e4\n walk_component+0x100/0x200\n path_lookupat+0x88/0x118\n filename_lookup+0x98/0x130\n user_path_at_empty+0x48/0x60\n vfs_statx+0x84/0x140\n vfs_fstatat+0x20/0x30\n __se_sys_newfstatat+0x30/0x74\n __arm64_sys_newfstatat+0x1c/0x2c\n el0_svc_common.constprop.0+0x100/0x184\n do_el0_svc+0x1c/0x2c\n el0_svc+0x20/0x34\n el0_sync_handler+0x80/0x17c\n el0_sync+0x13c/0x140\n SELinux: Context system_u:object_r:pssp_rsyslog_log_t:s0:c0 is\n not valid (left unmapped).\n\nIt was found that within a critical section of spin_lock_irqsave in\nsidtab_context_to_sid(), convert_context() (hooked by\nsidtab_convert_params.func) might cause the process to sleep via\nallocating memory with GFP_KERNEL, which is problematic.\n\nAs Ondrej pointed out [1], convert_context()/sidtab_convert_params.func\nhas another caller sidtab_convert_tree(), which is okay with GFP_KERNEL.\nTherefore, fix this problem by adding a gfp_t argument for\nconvert_context()/sidtab_convert_params.func and pass GFP_KERNEL/_ATOMIC\nproperly in individual callers.\n\n[PM: wrap long BUG() output lines, tweak subject line]"
}
],
"id": "CVE-2022-50699",
"lastModified": "2025-12-29T15:58:56.260",
"metrics": {},
"published": "2025-12-24T11:15:50.050",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/2723875e9d677401d775a03a72abab7e9538c20c"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/277378631d26477451424cc73982b977961f3d8b"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/3006766d247bc93a25b34e92fff2f75bda597e2e"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/abe3c631447dcd1ba7af972fe6f054bee6f136fa"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…