{"id":"CVE-2022-50426","summary":"remoteproc: imx_dsp_rproc: Add mutex protection for workqueue","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_dsp_rproc: Add mutex protection for workqueue\n\nThe workqueue may execute late even after remoteproc is stopped or\nstopping, some resources (rpmsg device and endpoint) have been\nreleased in rproc_stop_subdevices(), then rproc_vq_interrupt()\naccessing these resources will cause kennel dump.\n\nCall trace:\n virtqueue_add_split+0x1ac/0x560\n virtqueue_add_inbuf+0x4c/0x60\n rpmsg_recv_done+0x15c/0x294\n vring_interrupt+0x6c/0xa4\n rproc_vq_interrupt+0x30/0x50\n imx_dsp_rproc_vq_work+0x24/0x40 [imx_dsp_rproc]\n process_one_work+0x1d0/0x354\n worker_thread+0x13c/0x470\n kthread+0x154/0x160\n ret_from_fork+0x10/0x20\n\nAdd mutex protection in imx_dsp_rproc_vq_work(), if the state is\nnot running, then just skip calling rproc_vq_interrupt().\n\nAlso the flush workqueue operation can't be added in rproc stop\nfor the same reason. The call sequence is\n\nrproc_shutdown\n-\u003e rproc_stop\n   -\u003erproc_stop_subdevices\n   -\u003erproc-\u003eops-\u003estop()\n     -\u003eimx_dsp_rproc_stop\n       -\u003eflush_work\n         -\u003e rproc_vq_interrupt\n\nThe resource needed by rproc_vq_interrupt has been released in\nrproc_stop_subdevices, so flush_work is not safe to be called in\nimx_dsp_rproc_stop.","modified":"2026-04-02T08:28:29.444857Z","published":"2025-10-01T11:42:05.613Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50426.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/47e6ab07018edebf94ce873cf50a05ec76ff2dde"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4a3e1fa7a77838617bdbcd95127ce93a959fad44"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b9693304b7133b81741add5bfb56f022596df012"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50426.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50426"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ec0e5549f3586d2cb99a05edd006d722ebad912c"},{"fixed":"4a3e1fa7a77838617bdbcd95127ce93a959fad44"},{"fixed":"b9693304b7133b81741add5bfb56f022596df012"},{"fixed":"47e6ab07018edebf94ce873cf50a05ec76ff2dde"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50426.json"}}],"schema_version":"1.7.5"}