LiveActive security incident?Get immediate response
CVE Record

CVE-2022-50193: erofs: wake up all waiters after z_erofs_lzma_head ready

In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression thread may hung. The problem happens due to a sequence of steps like the following: 1) Task A called z_erofs_load_lzma_config which obtain all of the node from the z_erofs_lzma_head. 2) At this time, task B called the z_erofs_lzma_decompress and wanted to get a node. But the z_erofs_lzma_head was empty, the Task B had to sleep. 3) Task A release nodes and push nodes into the z_erofs_lzma_head. But task B was still sleeping. One example report when the hung happens: task:kworker/u3:1 state:D stack:14384 pid: 86 ppid: 2 flags:0x00004000 Workqueue: erofs_unzipd z_erofs_decompressqueue_work Call Trace: <TASK> __schedule+0x281/0x760 schedule+0x49/0xb0 z_erofs_lzma_decompress+0x4bc/0x580 ? cpu_core_flags+0x10/0x10 z_erofs_decompress_pcluster+0x49b/0xba0 ? __update_load_avg_se+0x2b0/0x330 ? __update_load_avg_se+0x2b0/0x330 ? update_load_avg+0x5f/0x690 ? update_load_avg+0x5f/0x690 ? set_next_entity+0xbd/0x110 ? _raw_spin_unlock+0xd/0x20 z_erofs_decompress_queue.isra.0+0x2e/0x50 z_erofs_decompressqueue_work+0x30/0x60 process_one_work+0x1d3/0x3a0 worker_thread+0x45/0x3a0 ? process_one_work+0x3a0/0x3a0 kthread+0xe2/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 </TASK>

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This Linux kernel issue can leave EROFS decompression work stuck after a repeated mount scenario. The reported effect is a hung kernel worker, which points to availability impact rather than data theft. The provided sources do not give a CVSS score or evidence of active exploitation.

Executive priority

Treat as a targeted kernel availability risk. It is most urgent for appliances, embedded systems, containers, or boot flows relying on EROFS images. Without exploitation evidence or a severity score, handle through normal kernel patch governance unless exposure is confirmed.

Technical view

The bug is in EROFS LZMA decompression synchronization. A task can wait for an available node from z_erofs_lzma_head, while another task returns nodes without waking all waiters, leaving decompression threads sleeping in uninterruptible state.

Likely exposure

Likely limited to Linux systems using EROFS with LZMA-compressed content, especially where EROFS filesystems are mounted more than once. The bundle lists Linux kernel version ranges and stable commits, but does not provide distro package mappings.

Exploitation context

The source describes a hang sequence and kernel call trace. It does not state remote exploitability, public exploit availability, or active exploitation. KEV is false, so active exploitation should not be assumed.

Researcher notes

The public record is sparse: no CVSS, CWE, exploit report, or vendor-specific affected package list is included. Analysis should focus on EROFS LZMA use, kernel provenance, and whether the referenced stable commits are present.

Mitigation direction

  • Check Linux distribution advisories for CVE-2022-50193 kernel packages.
  • Prioritize updates on systems using EROFS or compressed read-only images.
  • Adopt vendor kernels containing the referenced stable EROFS fix commits.
  • Reduce unnecessary EROFS remount workflows until patched, where operationally feasible.

Validation and detection

  • Inventory kernels and identify hosts using EROFS with LZMA compression.
  • Check whether vendor kernel changelogs include CVE-2022-50193 or the referenced commits.
  • Review logs for hung erofs_unzipd or z_erofs_lzma_decompress worker traces.
  • Confirm patched hosts no longer show EROFS decompression hangs during approved regression tests.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-50193 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
4Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux622ceaddb7649ca328832f50ba1400af778d75fa, 622ceaddb7649ca328832f50ba1400af778d75fa, 622ceaddb7649ca328832f50ba1400af778d75faunaffected
LinuxLinux5.16, 0, 5.18.18, 5.19.2, 6.0affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.