SB20250916214 - Improper locking in Linux kernel kcm
Published: September 16, 2025 Updated: September 22, 2025
Security Bulletin ID
SB20250916214
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2022-50291)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kcm_rfree(), reserve_rx_kcm() and unreserve_rx_kcm() functions in net/kcm/kcmsock.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/12a0eb340c9a22e0f8c00d2c0c1a60695ead926a
- https://git.kernel.org/stable/c/13dba69e18d04c8eec7596369f2a0596b0260275
- https://git.kernel.org/stable/c/15e4dabda11b0fa31d510a915d1a580f47dfc92e
- https://git.kernel.org/stable/c/1b8a5692ab25db4ef1c2cc8e5d21f7a65dc3d079
- https://git.kernel.org/stable/c/342d918cf9a45df9cf11bbe7162b851adefd178f
- https://git.kernel.org/stable/c/bf46af730e58d340f6f740bc69a07c5f6b85c655
- https://git.kernel.org/stable/c/c325f92d8d9b223d5842609ca067e898e9d34566
- https://git.kernel.org/stable/c/e94395e916b48a5b912a0a04570981b5b091acb0
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.223