{ "affected": [ { "ranges": [ { "events": [ { "introduced": "548c237c0a9972df5d1afaca38aa733ee577128d" }, { "fixed": "d4460c82177899751975180c268f352893302221" }, { "fixed": "dd860b39aa7c7b82e6c99b6fdb99d4610ce49d67" }, { "fixed": "8b78493968ed3cef0326183ed059c55e42f24d5b" }, { "fixed": "a6b9e09403102bdf8402dae734800e4916c7ea58" }, { "fixed": "13286ad1c7c49c606fdcba4cf66f953a1a16c1ca" }, { "fixed": "21296a52caa6a6bad6debdfe40ad81d4f1a27e69" }, { "fixed": "14d245da57a11e80277ab455aa9b6dcc5ed38a19" }, { "fixed": "07e28a8f450217db679802ebd4de0915556ce846" }, { "fixed": "5f7d78b2b12a9d561f48fa00bab29b40f4616dad" } ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "type": "GIT" } ] } ], "database_specific": { "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50476.json" }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nntb_netdev: Use dev_kfree_skb_any() in interrupt context\n\nTX/RX callback handlers (ntb_netdev_tx_handler(),\nntb_netdev_rx_handler()) can be called in interrupt\ncontext via the DMA framework when the respective\nDMA operations have completed. As such, any calls\nby these routines to free skb's, should use the\ninterrupt context safe dev_kfree_skb_any() function.\n\nPreviously, these callback handlers would call the\ninterrupt unsafe version of dev_kfree_skb(). This has\nnot presented an issue on Intel IOAT DMA engines as\nthat driver utilizes tasklets rather than a hard\ninterrupt handler, like the AMD PTDMA DMA driver.\nOn AMD systems, a kernel WARNING message is\nencountered, which is being issued from\nskb_release_head_state() due to in_hardirq()\nbeing true.\n\nBesides the user visible WARNING from the kernel,\nthe other symptom of this bug was that TCP/IP performance\nacross the ntb_netdev interface was very poor, i.e.\napproximately an order of magnitude below what was\nexpected. With the repair to use dev_kfree_skb_any(),\nkernel WARNINGs from skb_release_head_state() ceased\nand TCP/IP performance, as measured by iperf, was on\npar with expected results, approximately 20 Gb/s on\nAMD Milan based server. Note that this performance\nis comparable with Intel based servers.", "id": "CVE-2022-50476", "modified": "2026-04-01T23:09:09.825273384Z", "published": "2025-10-04T15:16:36.895Z", "references": [ { "type": "WEB", "url": "https://git.kernel.org/stable/c/07e28a8f450217db679802ebd4de0915556ce846" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/13286ad1c7c49c606fdcba4cf66f953a1a16c1ca" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/14d245da57a11e80277ab455aa9b6dcc5ed38a19" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/21296a52caa6a6bad6debdfe40ad81d4f1a27e69" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/5f7d78b2b12a9d561f48fa00bab29b40f4616dad" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/8b78493968ed3cef0326183ed059c55e42f24d5b" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/a6b9e09403102bdf8402dae734800e4916c7ea58" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/d4460c82177899751975180c268f352893302221" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/dd860b39aa7c7b82e6c99b6fdb99d4610ce49d67" }, { "type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50476.json" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50476" }, { "type": "PACKAGE", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git" } ], "schema_version": "1.7.3", "summary": "ntb_netdev: Use dev_kfree_skb_any() in interrupt context" }