CVE-2022-50498

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50498
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50498.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50498
Downstream
Related
Published
2025-10-04T15:43:49.383Z
Modified
2026-03-12T03:26:36.271326Z
Summary
eth: alx: take rtnl_lock on resume
Details

In the Linux kernel, the following vulnerability has been resolved:

eth: alx: take rtnl_lock on resume

Zbynek reports that alx trips an rtnl assertion on resume:

RTNL: assertion failed at net/core/dev.c (2891) RIP: 0010:netifsetrealnumtx_queues+0x1ac/0x1c0 Call Trace: <TASK> _alxopen+0x230/0x570 [alx] alxresume+0x54/0x80 [alx] ? pcilegacyresume+0x80/0x80 dpmruncallback+0x4a/0x150 deviceresume+0x8b/0x190 asyncresume+0x19/0x30 asyncrunentryfn+0x30/0x130 processonework+0x1e5/0x3b0

indeed the driver does not hold rtnl_lock during its internal close and re-open functions during suspend/resume. Note that this is not a huge bug as the driver implements its own locking, and does not implement changing the number of queues, but we need to silence the splat.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50498.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4a5fe57e775188be96359a1934501be45fe5f705
Fixed
6f1991a940b90753b34570f093a21dba366e8cc0
Fixed
a845a0c4bdece2c0073ecea2fca7c4d5f0550f78
Fixed
c0323c0fd07804d5874699e93f935cda0d989c67
Fixed
6ad1c94e1e7e374d88f0cfd77936dddb8339aaba

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50498.json"