CVE-2022-50744
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs
During I/O and simultaneous cat of /sys/kernel/debug/lpfc/fnX/rx_monitor, a hard lockup similar to the call trace below may occur.
The spin_lock_bh in lpfc_rx_monitor_report is not protecting from timer interrupts as expected, so change the strength of the spin lock to _irq.
Kernel panic - not syncing: Hard LOCKUP
CPU: 3 PID: 110402 Comm: cat Kdump: loaded
exception RIP: native_queued_spin_lock_slowpath+91
[IRQ stack]
  native_queued_spin_lock_slowpath at ffffffffb814e30b
  _raw_spin_lock at ffffffffb89a667a
  lpfc_rx_monitor_record at ffffffffc0a73a36 [lpfc]
  lpfc_cmf_timer at ffffffffc0abbc67 [lpfc]
  __hrtimer_run_queues at ffffffffb8184250
  hrtimer_interrupt at ffffffffb8184ab0
  smp_apic_timer_interrupt at ffffffffb8a026ba
  apic_timer_interrupt at ffffffffb8a01c4f
[End of IRQ stack]
  apic_timer_interrupt at ffffffffb8a01c4f
  lpfc_rx_monitor_report at ffffffffc0a73c80 [lpfc]
  lpfc_rx_monitor_read at ffffffffc0addde1 [lpfc]
  full_proxy_read at ffffffffb83e7fc3
  vfs_read at ffffffffb833fe71
  ksys_read at ffffffffb83402af
  do_syscall_64 at ffffffffb800430b
  entry_SYSCALL_64_after_hwframe at ffffffffb8a000ad
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A hard lockup in the Linux kernel's lpfc driver occurs when reading the rx_monitor debugfs file during I/O, due to insufficient spin lock protection against timer interrupts.
Vulnerability Description
CVE-2022-50744 is a vulnerability in the Linux kernel's lpfc (LightPulse Fibre Channel) SCSI driver. The issue manifests as a hard lockup when a user simultaneously performs I/O operations and reads the /sys/kernel/debug/lpfc/fnX/rx_monitor debugfs file. The root cause is that the spin_lock_bh used in the lpfc_rx_monitor_report function does not adequately protect against timer interrupts, leading to a deadlock scenario where the CPU spins indefinitely on a spin lock [1][2].
Exploitation and Attack Surface
The vulnerability is triggered by a local user with access to the debugfs filesystem, typically requiring root privileges or appropriate capabilities to read the rx_monitor file. The attack surface is local, as the debugfs interface is only accessible from within the system. No authentication is needed beyond the ability to read the debugfs file, and the condition occurs during normal I/O activity combined with the debugfs read operation. The lockup is reproducible by running a cat command on the rx_monitor file while the system is under I/O load [1][2].
Impact
If the vulnerability is exploited, the system experiences a hard lockup, resulting in a kernel panic and denial of service. The call trace shows the CPU stuck in native_queued_spin_lock_slowpath inside the timer interrupt, spinning on a lock that the interrupted lpfc_rx_monitor_report call on the same CPU already holds, which prevents any further progress. This effectively crashes the system, making it unavailable for all users and services. The impact is limited to availability, as the vulnerability does not allow for privilege escalation or data corruption [1][2].
Mitigation
The fix involves changing the spin lock from spin_lock_bh to spin_lock_irq in the lpfc_rx_monitor_report function, which properly disables interrupts and prevents the timer interrupt from causing a deadlock. The patch has been applied to the Linux kernel stable branches, and users are advised to update their kernels to include the fix. No workaround is available other than avoiding the debugfs read during I/O, but this is not a practical mitigation [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
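The locking rule behind this fix, as an added example that is not code from the lpfc driver or the kernel patch: a simplified single-CPU model that checks whether any acquirer of a lock can interrupt a holder that has not masked its context. The struct, the function names and the two site tables are assumptions constructed from the call trace above; only the lpfc function names and the spin lock variants come from the page.

```c
#include <stdbool.h>
#include <stdio.h>

/* Execution contexts on one CPU, lowest to highest priority. */
enum ctx { CTX_PROCESS, CTX_SOFTIRQ, CTX_HARDIRQ };
/* Kernel spinlock variants, named after the real API. */
enum variant { SPIN_LOCK, SPIN_LOCK_BH, SPIN_LOCK_IRQ };

/* One acquisition site of the lock under review (hypothetical model type). */
struct site { const char *func; enum ctx ctx; enum variant variant; };

/* Highest context that cannot run on the local CPU while the lock is held. */
static enum ctx masked_up_to(const struct site *s)
{
    enum ctx m = CTX_PROCESS;            /* spin_lock: preemption off only */
    if (s->variant == SPIN_LOCK_BH)  m = CTX_SOFTIRQ;
    if (s->variant == SPIN_LOCK_IRQ) m = CTX_HARDIRQ;
    return m > s->ctx ? m : s->ctx;      /* holder's own context is masked too */
}

/* True if `other` can interrupt `holder` on the same CPU and spin forever. */
static bool self_deadlock(const struct site *holder, const struct site *other)
{
    return other->ctx > masked_up_to(holder);
}

/* Count ordered (holder, interrupter) pairs that can lock up one CPU. */
static int count_unsafe(const struct site *s, int n)
{
    int bad = 0;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < n; j++)
            if (i != j && self_deadlock(&s[i], &s[j]))
                bad++;
    return bad;
}

/* Constructed from the call trace: reader in process context, timer in IRQ. */
static const struct site before[] = {
    { "lpfc_rx_monitor_report", CTX_PROCESS, SPIN_LOCK_BH },
    { "lpfc_rx_monitor_record", CTX_HARDIRQ, SPIN_LOCK },
};
static const struct site after[] = {
    { "lpfc_rx_monitor_report", CTX_PROCESS, SPIN_LOCK_IRQ },
    { "lpfc_rx_monitor_record", CTX_HARDIRQ, SPIN_LOCK },
};

int main(void)
{
    printf("before: %d unsafe, after: %d unsafe\n",
           count_unsafe(before, 2), count_unsafe(after, 2));
    return 0;
}
```

The model covers only same-CPU interruption; contention between CPUs is ordinary spinning and resolves once the holder releases the lock.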
Affected products: 2
Patches: 4
2cf66428a254
cd542900ee51
39761417ea7b
c44e50f4a0ec
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 4