In the Linux kernel, the following vulnerability has been resolved:
selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
The following warning was triggered on a hardware environment:
  SELinux: Converting 162 SID table entries...
  BUG: sleeping function called from invalid context at
       __might_sleep+0x60/0x74 0x0
  in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 5943, name: tar
  CPU: 7 PID: 5943 Comm: tar Tainted: P O 5.10.0 #1
  Call trace:
   dump_backtrace+0x0/0x1c8
   show_stack+0x18/0x28
   dump_stack+0xe8/0x15c
   ___might_sleep+0x168/0x17c
   __might_sleep+0x60/0x74
   __kmalloc_track_caller+0xa0/0x7dc
   kstrdup+0x54/0xac
   convert_context+0x48/0x2e4
   sidtab_context_to_sid+0x1c4/0x36c
   security_context_to_sid_core+0x168/0x238
   security_context_to_sid_default+0x14/0x24
   inode_doinit_use_xattr+0x164/0x1e4
   inode_doinit_with_dentry+0x1c0/0x488
   selinux_d_instantiate+0x20/0x34
   security_d_instantiate+0x70/0xbc
   d_splice_alias+0x4c/0x3c0
   ext4_lookup+0x1d8/0x200 [ext4]
   __lookup_slow+0x12c/0x1e4
   walk_component+0x100/0x200
   path_lookupat+0x88/0x118
   filename_lookup+0x98/0x130
   user_path_at_empty+0x48/0x60
   vfs_statx+0x84/0x140
   vfs_fstatat+0x20/0x30
   __se_sys_newfstatat+0x30/0x74
   __arm64_sys_newfstatat+0x1c/0x2c
   el0_svc_common.constprop.0+0x100/0x184
   do_el0_svc+0x1c/0x2c
   el0_svc+0x20/0x34
   el0_sync_handler+0x80/0x17c
   el0_sync+0x13c/0x140
  SELinux: Context system_u:object_r:pssp_rsyslog_log_t:s0:c0 is not valid
           (left unmapped).
It was found that within a critical section of spin_lock_irqsave in sidtab_context_to_sid(), convert_context() (hooked by sidtab_convert_params.func) might cause the process to sleep via allocating memory with GFP_KERNEL, which is problematic.
As Ondrej pointed out [1], convert_context()/sidtab_convert_params.func has another caller sidtab_convert_tree(), which is okay with GFP_KERNEL. Therefore, fix this problem by adding a gfp_t argument for convert_context()/sidtab_convert_params.func and pass GFP_KERNEL/_ATOMIC properly in individual callers.
[PM: wrap long BUG() output lines, tweak subject line]
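The caller-supplied allocation flag described above, modelled in userspace C as an added example (not the kernel patch and not code from this page). `model_kstrdup`, `atomic_depth`, `sleep_bugs`, `convert_old`, `convert_new` and the two caller functions are hypothetical stand-ins, and the flag values are constructed rather than the kernel's.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model: names echo the kernel's, values and helpers are stand-ins. */
typedef unsigned int gfp_t;
#define GFP_ATOMIC 0x1u   /* allocation must not sleep */
#define GFP_KERNEL 0x2u   /* allocation may sleep */
static int atomic_depth;  /* >0 while the modelled spinlock is held */
static int sleep_bugs;    /* counts "sleeping function called from invalid context" */

/* Models kstrdup(): a GFP_KERNEL request inside a critical section is the bug. */
static char *model_kstrdup(const char *s, gfp_t gfp)
{
    if ((gfp & GFP_KERNEL) && atomic_depth > 0)
        sleep_bugs++;
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* Before: the callback picks GFP_KERNEL itself, whatever its caller holds. */
static char *convert_old(const char *ctx) { return model_kstrdup(ctx, GFP_KERNEL); }

/* After: the caller states its context through a gfp_t argument. */
static char *convert_new(const char *ctx, gfp_t gfp) { return model_kstrdup(ctx, gfp); }

/* Lookup path: the callback runs with the lock held. Returns bugs observed. */
static int lookup_under_lock(int fixed)
{
    sleep_bugs = 0;
    atomic_depth++;                       /* models spin_lock_irqsave() */
    char *c = fixed ? convert_new("ctx", GFP_ATOMIC) : convert_old("ctx");
    atomic_depth--;                       /* models the matching unlock */
    free(c);
    return sleep_bugs;
}

/* Tree-conversion path: no lock held, so GFP_KERNEL stays acceptable. */
static int convert_tree_unlocked(void)
{
    sleep_bugs = 0;
    free(convert_new("ctx", GFP_KERNEL));
    return sleep_bugs;
}

int main(void)
{
    printf("old/locked=%d new/locked=%d tree=%d\n", lookup_under_lock(0), lookup_under_lock(1), convert_tree_unlocked());
    return 0;
}
```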
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50699.json",
"cna_assigner": "Linux"
}