CVE-2022-50116: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50116 is a vulnerability in the Linux kernel's TTY subsystem, specifically affecting the n_gsm line discipline component. The vulnerability was disclosed on June 18, 2025, and involves a deadlock and link starvation issue in the outgoing data path of the GSM line discipline (NVD, Debian Tracker).

The vulnerability stems from the implementation where control and user packets are queued and processed to the line discipline in the same code path, causing hard coupling between upper and lower layers. This design leads to deadlocks during line discipline congestion and causes data channels to starve the control channel under high transmission loads. The issue manifests as a spinlock recursion bug that can be triggered during data transmission, particularly affecting the serial8250_ports interface (NVD).

The vulnerability can result in system deadlocks and communication failures in affected systems. When triggered, it can cause spinlock recursion on the CPU, leading to system instability and potential denial of service conditions. Additionally, the starvation of control channels can result in timeouts and link hangups during line discipline congestion (NVD).

The fix introduces an additional control channel data queue to prevent timeouts and link hangups during line discipline congestion. The solution processes this queue before the user channel data queue in gsm_data_kick() with highest priority. The patch also moves the queue to line discipline data path into a workqueue and implements changes to gsm_dlci_data_sweep() to manage the transmission queue effectively (NVD).