CVE-2022-50771
Description
In the Linux kernel, the following vulnerability has been resolved:
rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()
Running rcutorture with non-zero fqs_duration module parameter in a kernel built with CONFIG_PREEMPTION=y results in the following splat:
BUG: using __this_cpu_read() in preemptible [00000000] code: rcu_torture_fqs/398
caller is __this_cpu_preempt_check+0x13/0x20
CPU: 3 PID: 398 Comm: rcu_torture_fqs Not tainted 6.0.0-rc1-yoctodev-standard+
Call Trace:
 dump_stack_lvl+0x5b/0x86
 dump_stack+0x10/0x16
 check_preemption_disabled+0xe5/0xf0
 __this_cpu_preempt_check+0x13/0x20
 rcu_force_quiescent_state.part.0+0x1c/0x170
 rcu_force_quiescent_state+0x1e/0x30
 rcu_torture_fqs+0xca/0x160
 ? rcu_torture_boost+0x430/0x430
 kthread+0x192/0x1d0
 ? kthread_complete_and_exit+0x30/0x30
 ret_from_fork+0x22/0x30
The problem is that rcu_force_quiescent_state() uses __this_cpu_read() in preemptible code instead of the proper raw_cpu_read(). This commit therefore changes __this_cpu_read() to raw_cpu_read().
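To check collected kernel logs for this specific report, the following added example (not part of the kernel commit or of this CVE record) parses "using X() in preemptible" splats and flags those raised from rcu_force_quiescent_state(). The timestamps, the abridged trace and the second report (example_task, example_driver_poll) are constructed for illustration.

```python
import re

# Header printed by the kernel's preemption debug check, as quoted in the description.
BUG_RE = re.compile(r"BUG: using (?P<accessor>\w+)\(\) in preemptible "
                    r"\[[0-9a-f]{8}\] code: (?P<comm>[^/\s]+)/(?P<pid>\d+)")
# A stack frame "symbol+0xoff/0xsize"; a leading "? " marks an unreliable frame.
FRAME_RE = re.compile(r"(?P<unreliable>\? )?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def find_splats(log_text):
    """Return one dict per 'using X() in preemptible' report, with its reliable frames."""
    reports, cur, in_trace = [], None, False
    for line in log_text.splitlines():
        hdr = BUG_RE.search(line)
        if hdr:
            cur = {"accessor": hdr["accessor"], "comm": hdr["comm"],
                   "pid": int(hdr["pid"]), "frames": []}
            reports.append(cur)
            in_trace = False
        elif cur is not None and "Call Trace:" in line:
            in_trace = True
        elif in_trace:
            frame = FRAME_RE.search(line)
            if frame and not frame["unreliable"]:
                cur["frames"].append(frame["sym"])
            elif not frame and "TASK>" not in line:
                cur, in_trace = None, False  # first non-frame line ends the trace
    return reports

def is_cve_2022_50771(report):
    """True for __this_cpu_read() reports whose trace passes through
    rcu_force_quiescent_state(); compiler suffixes such as '.part.0' are ignored."""
    return (report["accessor"] == "__this_cpu_read" and
            any(f.split(".")[0] == "rcu_force_quiescent_state" for f in report["frames"]))

# Constructed sample: the description's splat, abridged and given dmesg-style
# timestamps, followed by an unrelated, invented report that must not match.
SAMPLE_LOG = """\
[   61.200001] BUG: using __this_cpu_read() in preemptible [00000000] code: rcu_torture_fqs/398
[   61.200002] caller is __this_cpu_preempt_check+0x13/0x20
[   61.200003] Call Trace:
[   61.200004]  check_preemption_disabled+0xe5/0xf0
[   61.200005]  rcu_force_quiescent_state.part.0+0x1c/0x170
[   61.200006]  rcu_force_quiescent_state+0x1e/0x30
[   61.200007]  rcu_torture_fqs+0xca/0x160
[   61.200008]  ? rcu_torture_boost+0x430/0x430
[   75.000001] BUG: using smp_processor_id() in preemptible [00000000] code: example_task/512
[   75.000002] Call Trace:
[   75.000003]  example_driver_poll+0x10/0x40
"""
```

Feeding the output of `dmesg` or a collected kernel log file to `find_splats()` and filtering with `is_cve_2022_50771()` separates this report from other preemption-check warnings.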
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A lockdep warning in rcu_force_quiescent_state() due to using __this_cpu_read() in preemptible context.
Vulnerability Analysis
CVE-2022-50771 is a bug in the Linux kernel's RCU (Read-Copy-Update) subsystem. The function rcu_force_quiescent_state() uses __this_cpu_read(), which is intended for non-preemptible code, but the function is called in preemptible context when the kernel is built with CONFIG_PREEMPTION=y. This mismatch triggers a lockdep splat as reported during rcutorture testing [1].
Attack Vector
Triggering the vulnerability requires configuring a kernel with CONFIG_PREEMPTION and running rcutorture with a non-zero fqs_duration parameter. The perpetrator only requires access to an rcutorture test session, which is typically only available to privileged users with access to kernel configuration and torture testing infrastructure [1]. No authentication or network access is required for exploitation beyond local access to kernel debugging tools.
Impact
The impact of this vulnerability is limited to a lockdep warning that does not cause data corruption or privilege escalation. However, it indicates a race condition that can produce undesired behavior. The warning itself disrupts logs and may trigger system instability under concurrent preemptible paths [1].
Mitigation
A patch replaces __this_cpu_read() with raw_cpu_read() to fix the warning. Patched versions are available from the stable kernel trees, and users are advised to update to kernels containing commit a74af9b937707b42c3fd041aae1ed4ce2f337307 or equivalent backports [2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
- 3d92527a919e
- 5a52380b8193
- 98a5b1265a36
- a74af9b93770
- 80a3e7ab477b
- ceb1c8c9b8aa
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- git.kernel.org/stable/c/3d92527a919edd1aa381bdd6c299dd75a8167396 (nvd)
- git.kernel.org/stable/c/5a52380b8193cf8be6c4a6b94b86ef64ed80c0dc (nvd)
- git.kernel.org/stable/c/80a3e7ab477b3655615fc1627c88c248d4ad28d9 (nvd)
- git.kernel.org/stable/c/98a5b1265a36e9d843a51ddd6c9fa02da50d2c57 (nvd)
- git.kernel.org/stable/c/a74af9b937707b42c3fd041aae1ed4ce2f337307 (nvd)
- git.kernel.org/stable/c/ceb1c8c9b8aa9199da46a0f29d2d5f08d9b44c15 (nvd)