Race Condition in Linux Kernel's iSCSI Implementation by Linux
CVE-2022-50350

4.7MEDIUM

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
16 September 2025

What is CVE-2022-50350?

A vulnerability in the iSCSI implementation of the Linux kernel allows a malicious initiator to exploit a race condition between the login process and the login thread. If harmful data is sent after a login PDU, the callback iscsi_target_sk_data_ready() may schedule login work while the negotiation phase fails to clear the LOGIN_FLAGS_INITIAL_PDU flag. This results in a scenario where the login completes, but login_work remains active, leading to repeated scheduling. If the initiator disconnects during this state, it causes a NULL pointer dereference, resulting in a kernel crash and potential system instability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux d381a8010a052813a88e20e089be4a58aad8b40a < 1533b8b3058db618409f41554ebe768c2e3acfae

Linux d381a8010a052813a88e20e089be4a58aad8b40a < 3ecdca49ca49d4770639d81503c873b6d25887c4

Linux d381a8010a052813a88e20e089be4a58aad8b40a

References

https://git.kernel.org/stable/c/1533b8b3058db618409f41554...
https://git.kernel.org/stable/c/3ecdca49ca49d4770639d8150...
https://git.kernel.org/stable/c/fec1b2fa62c162d03f5dcd7b0...

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.