DEBIAN-CVE-2022-50091

Source
https://security-tracker.debian.org/tracker/CVE-2022-50091
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50091.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-50091
Upstream
Published
2025-06-18T11:15:38Z
Modified
2025-09-19T06:14:56Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: locking/csdlock: Change csdlockdebug from earlyparam to _setup The csdlockdebug kernel-boot parameter is parsed by the earlyparam() function csdlockdebug(). If set, csdlockdebug() invokes staticbranchenable() to enable csdlockwait feature, which triggers a panic on arm64 for kernels built with CONFIGSPARSEMEM=y and CONFIGSPARSEMEMVMEMMAP=n. With CONFIGSPARSEMEMVMEMMAP=n, _nrtosection is called in statickeyenable() and returns NULL, resulting in a NULL dereference because memsection is initialized only later in sparseinit(). This is also a problem for powerpc because earlyparam() functions are invoked earlier than jumplabelinit(), also resulting in statickeyenable() failures. These failures cause the warning "static key 'xxx' used before call to jumplabelinit()". Thus, earlyparam is too early for csdlockwait to run staticbranchenable(), so changes it to __setup to fix these.

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}