{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-49979", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-06-18T10:57:27.385Z", "datePublished": "2025-06-18T11:00:41.513Z", "dateUpdated": "2026-05-23T15:23:29.307Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-23T15:23:29.307Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix refcount bug in sk_psock_get (2)\n\nSyzkaller reports refcount bug as follows:\n------------[ cut here ]------------\nrefcount_t: saturated; leaking memory.\nWARNING: CPU: 1 PID: 3605 at lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19\nModules linked in:\nCPU: 1 PID: 3605 Comm: syz-executor208 Not tainted 5.18.0-syzkaller-03023-g7e062cda7d90 #0\n <TASK>\n __refcount_add_not_zero include/linux/refcount.h:163 [inline]\n __refcount_inc_not_zero include/linux/refcount.h:227 [inline]\n refcount_inc_not_zero include/linux/refcount.h:245 [inline]\n sk_psock_get+0x3bc/0x410 include/linux/skmsg.h:439\n tls_data_ready+0x6d/0x1b0 net/tls/tls_sw.c:2091\n tcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4983\n tcp_data_queue+0x25f2/0x4c90 net/ipv4/tcp_input.c:5057\n tcp_rcv_state_process+0x1774/0x4e80 net/ipv4/tcp_input.c:6659\n tcp_v4_do_rcv+0x339/0x980 net/ipv4/tcp_ipv4.c:1682\n sk_backlog_rcv include/net/sock.h:1061 [inline]\n __release_sock+0x134/0x3b0 net/core/sock.c:2849\n release_sock+0x54/0x1b0 net/core/sock.c:3404\n inet_shutdown+0x1e0/0x430 net/ipv4/af_inet.c:909\n __sys_shutdown_sock net/socket.c:2331 [inline]\n __sys_shutdown_sock net/socket.c:2325 [inline]\n __sys_shutdown+0xf1/0x1b0 net/socket.c:2343\n __do_sys_shutdown net/socket.c:2351 [inline]\n __se_sys_shutdown net/socket.c:2349 [inline]\n __x64_sys_shutdown+0x50/0x70 net/socket.c:2349\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n </TASK>\n\nDuring SMC fallback process in connect syscall, kernel will\nreplaces TCP with SMC. In order to forward wakeup\nsmc socket waitqueue after fallback, kernel will sets\nclcsk->sk_user_data to origin smc socket in\nsmc_fback_replace_callbacks().\n\nLater, in shutdown syscall, kernel will calls\nsk_psock_get(), which treats the clcsk->sk_user_data\nas psock type, triggering the refcnt warning.\n\nSo, the root cause is that smc and psock, both will use\nsk_user_data field. So they will mismatch this field\neasily.\n\nThis patch solves it by using another bit(defined as\nSK_USER_DATA_PSOCK) in PTRMASK, to mark whether\nsk_user_data points to a psock object or not.\nThis patch depends on a PTRMASK introduced in commit f1ff5ce2cd5e\n(\"net, sk_msg: Clear sk_user_data pointer on clone if tagged\").\n\nFor there will possibly be more flags in the sk_user_data field,\nthis patch also refactor sk_user_data flags code to be more generic\nto improve its maintainability."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/skmsg.h", "include/net/sock.h", "net/core/skmsg.c"], "versions": [{"version": "0ef6049f664941bc0f75828b3a61877635048b27", "lessThan": "a5d1cb908131e939bd8b63b8e5e23365bbc2edaf", "status": "affected", "versionType": "git"}, {"version": "341adeec9adad0874f29a0a1af35638207352a39", "lessThan": "86026be8535c16fcc5e4f960286faf04d7f77815", "status": "affected", "versionType": "git"}, {"version": "341adeec9adad0874f29a0a1af35638207352a39", "lessThan": "2a0133723f9ebeb751cfce19f74ec07e108bef1f", "status": "affected", "versionType": "git"}, {"version": "504078fbe9dd570d685361b57784a6050bc40aaa", "status": "affected", "versionType": "git"}, {"version": "5.15.22", "lessThan": "5.15.65", "status": "affected", "versionType": "semver"}, {"version": "5.16.8", "lessThan": "5.17", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/skmsg.h", "include/net/sock.h", "net/core/skmsg.c"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.65", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19.7", "lessThanOrEqual": "5.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.22", "versionEndExcluding": "5.15.65"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "5.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a5d1cb908131e939bd8b63b8e5e23365bbc2edaf"}, {"url": "https://git.kernel.org/stable/c/86026be8535c16fcc5e4f960286faf04d7f77815"}, {"url": "https://git.kernel.org/stable/c/2a0133723f9ebeb751cfce19f74ec07e108bef1f"}], "title": "net: fix refcount bug in sk_psock_get (2)", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "product": "Linux", "programFiles": ["include/linux/skmsg.h", "include/net/sock.h", "net/core/skmsg.c"], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [{"lessThan": "a5d1cb908131e939bd8b63b8e5e23365bbc2edaf", "status": "affected", "version": "0ef6049f664941bc0f75828b3a61877635048b27", "versionType": "git"}, {"lessThan": "86026be8535c16fcc5e4f960286faf04d7f77815", "status": "affected", "version": "341adeec9adad0874f29a0a1af35638207352a39", "versionType": "git"}, {"lessThan": "2a0133723f9ebeb751cfce19f74ec07e108bef1f", "status": "affected", "version": "341adeec9adad0874f29a0a1af35638207352a39", "versionType": "git"}, {"status": "affected", "version": "504078fbe9dd570d685361b57784a6050bc40aaa", "versionType": "git"}, {"lessThan": "5.15.65", "status": "affected", "version": "5.15.22", "versionType": "semver"}, {"lessThan": "5.17", "status": "affected", "version": "5.16.8", "versionType": "semver"}]}, {"defaultStatus": "affected", "product": "Linux", "programFiles": ["include/linux/skmsg.h", "include/net/sock.h", "net/core/skmsg.c"], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [{"status": "affected", "version": "5.17"}, {"lessThan": "5.17", "status": "unaffected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.65", "versionType": "semver"}, {"lessThanOrEqual": "5.19.*", "status": "unaffected", "version": "5.19.7", "versionType": "semver"}, {"lessThanOrEqual": "*", "status": "unaffected", "version": "6.0", "versionType": "original_commit_for_fix"}]}], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B66AC0DE-D315-41CC-A27E-584DB1EE03E7", "versionEndExcluding": "5.10.141", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "81162A58-341F-455C-96D5-6DF30A0F9295", "versionEndExcluding": "5.15.65", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEBCC9D9-2058-44E1-8A2E-ABC880E4DE50", "versionEndExcluding": "5.19.7", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix refcount bug in sk_psock_get (2)\n\nSyzkaller reports refcount bug as follows:\n------------[ cut here ]------------\nrefcount_t: saturated; leaking memory.\nWARNING: CPU: 1 PID: 3605 at lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19\nModules linked in:\nCPU: 1 PID: 3605 Comm: syz-executor208 Not tainted 5.18.0-syzkaller-03023-g7e062cda7d90 #0\n <TASK>\n __refcount_add_not_zero include/linux/refcount.h:163 [inline]\n __refcount_inc_not_zero include/linux/refcount.h:227 [inline]\n refcount_inc_not_zero include/linux/refcount.h:245 [inline]\n sk_psock_get+0x3bc/0x410 include/linux/skmsg.h:439\n tls_data_ready+0x6d/0x1b0 net/tls/tls_sw.c:2091\n tcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4983\n tcp_data_queue+0x25f2/0x4c90 net/ipv4/tcp_input.c:5057\n tcp_rcv_state_process+0x1774/0x4e80 net/ipv4/tcp_input.c:6659\n tcp_v4_do_rcv+0x339/0x980 net/ipv4/tcp_ipv4.c:1682\n sk_backlog_rcv include/net/sock.h:1061 [inline]\n __release_sock+0x134/0x3b0 net/core/sock.c:2849\n release_sock+0x54/0x1b0 net/core/sock.c:3404\n inet_shutdown+0x1e0/0x430 net/ipv4/af_inet.c:909\n __sys_shutdown_sock net/socket.c:2331 [inline]\n __sys_shutdown_sock net/socket.c:2325 [inline]\n __sys_shutdown+0xf1/0x1b0 net/socket.c:2343\n __do_sys_shutdown net/socket.c:2351 [inline]\n __se_sys_shutdown net/socket.c:2349 [inline]\n __x64_sys_shutdown+0x50/0x70 net/socket.c:2349\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n </TASK>\n\nDuring SMC fallback process in connect syscall, kernel will\nreplaces TCP with SMC. In order to forward wakeup\nsmc socket waitqueue after fallback, kernel will sets\nclcsk->sk_user_data to origin smc socket in\nsmc_fback_replace_callbacks().\n\nLater, in shutdown syscall, kernel will calls\nsk_psock_get(), which treats the clcsk->sk_user_data\nas psock type, triggering the refcnt warning.\n\nSo, the root cause is that smc and psock, both will use\nsk_user_data field. So they will mismatch this field\neasily.\n\nThis patch solves it by using another bit(defined as\nSK_USER_DATA_PSOCK) in PTRMASK, to mark whether\nsk_user_data points to a psock object or not.\nThis patch depends on a PTRMASK introduced in commit f1ff5ce2cd5e\n(\"net, sk_msg: Clear sk_user_data pointer on clone if tagged\").\n\nFor there will possibly be more flags in the sk_user_data field,\nthis patch also refactor sk_user_data flags code to be more generic\nto improve its maintainability."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: corrige error de recuento de referencias en sk_psock_get (2) Syzkaller informa el siguiente error de recuento de referencias: ------------[ cortar aqu\u00ed ]------------ refcount_t: saturado; p\u00e9rdida de memoria. ADVERTENCIA: CPU: 1 PID: 3605 en lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19 M\u00f3dulos vinculados: CPU: 1 PID: 3605 Comm: syz-executor208 No contaminado 5.18.0-syzkaller-03023-g7e062cda7d90 #0 __refcount_add_not_zero include/linux/refcount.h:163 [en l\u00ednea] __refcount_inc_not_zero include/linux/refcount.h:227 [en l\u00ednea] refcount_inc_not_zero include/linux/refcount.h:245 [en l\u00ednea] sk_psock_get+0x3bc/0x410 incluir/linux/skmsg.h:439 tls_data_ready+0x6d/0x1b0 net/tls/tls_sw.c:2091 tcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4983 tcp_data_queue+0x25f2/0x4c90 net/ipv4/tcp_input.c:5057 tcp_rcv_state_process+0x1774/0x4e80 net/ipv4/tcp_input.c:6659 tcp_v4_do_rcv+0x339/0x980 net/ipv4/tcp_ipv4.c:1682 sk_backlog_rcv incluir/net/sock.h:1061 [en l\u00ednea] __release_sock+0x134/0x3b0 net/core/sock.c:2849 release_sock+0x54/0x1b0 net/core/sock.c:3404 inet_shutdown+0x1e0/0x430 net/ipv4/af_inet.c:909 __sys_shutdown_sock net/socket.c:2331 [en l\u00ednea] __sys_shutdown_sock net/socket.c:2325 [en l\u00ednea] __sys_shutdown+0xf1/0x1b0 net/socket.c:2343 __do_sys_shutdown net/socket.c:2351 [en l\u00ednea] __se_sys_shutdown net/socket.c:2349 [en l\u00ednea] Durante el proceso de respaldo de SMC en la llamada al sistema de conexi\u00f3n, el kernel reemplaza TCP con SMC. Para reenviar la cola de espera del socket SMC de activaci\u00f3n despu\u00e9s del respaldo, el kernel establece clcsk-&gt;sk_user_data en el socket SMC de origen en smc_fback_replace_callbacks(). Posteriormente, en la llamada al sistema de apagado, el kernel llamar\u00e1 a sk_psock_get(), que trata clcsk-&gt;sk_user_data como de tipo psock, lo que activa la advertencia refcnt. Por lo tanto, la causa principal es que tanto smc como psock utilizan el campo sk_user_data, por lo que es f\u00e1cil que no coincidan con este campo. Este parche soluciona este problema utilizando otro bit (definido como SK_USER_DATA_PSOCK) en PTRMASK para indicar si sk_user_data apunta a un objeto psock. Este parche depende de una PTRMASK introducida en el commit f1ff5ce2cd5e (\"net, sk_msg: Borrar el puntero sk_user_data al clonar si est\u00e1 etiquetado\"). Dado que posiblemente haya m\u00e1s indicadores en el campo sk_user_data, este parche tambi\u00e9n refactoriza el c\u00f3digo de indicadores sk_user_data para que sea m\u00e1s gen\u00e9rico y mejore su mantenimiento."}], "id": "CVE-2022-49979", "lastModified": "2026-06-17T05:19:40.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-18T11:15:25.363", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2a0133723f9ebeb751cfce19f74ec07e108bef1f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/86026be8535c16fcc5e4f960286faf04d7f77815"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a5d1cb908131e939bd8b63b8e5e23365bbc2edaf"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: fix refcount bug in sk_psock_get (2)", "id": "2373406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373406"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: fix refcount bug in sk_psock_get (2)\nSyzkaller reports refcount bug as follows:\n------------[ cut here ]------------\nrefcount_t: saturated; leaking memory.\nWARNING: CPU: 1 PID: 3605 at lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19\nModules linked in:\nCPU: 1 PID: 3605 Comm: syz-executor208 Not tainted 5.18.0-syzkaller-03023-g7e062cda7d90 #0\n<TASK>\n__refcount_add_not_zero include/linux/refcount.h:163 [inline]\n__refcount_inc_not_zero include/linux/refcount.h:227 [inline]\nrefcount_inc_not_zero include/linux/refcount.h:245 [inline]\nsk_psock_get+0x3bc/0x410 include/linux/skmsg.h:439\ntls_data_ready+0x6d/0x1b0 net/tls/tls_sw.c:2091\ntcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4983\ntcp_data_queue+0x25f2/0x4c90 net/ipv4/tcp_input.c:5057\ntcp_rcv_state_process+0x1774/0x4e80 net/ipv4/tcp_input.c:6659\ntcp_v4_do_rcv+0x339/0x980 net/ipv4/tcp_ipv4.c:1682\nsk_backlog_rcv include/net/sock.h:1061 [inline]\n__release_sock+0x134/0x3b0 net/core/sock.c:2849\nrelease_sock+0x54/0x1b0 net/core/sock.c:3404\ninet_shutdown+0x1e0/0x430 net/ipv4/af_inet.c:909\n__sys_shutdown_sock net/socket.c:2331 [inline]\n__sys_shutdown_sock net/socket.c:2325 [inline]\n__sys_shutdown+0xf1/0x1b0 net/socket.c:2343\n__do_sys_shutdown net/socket.c:2351 [inline]\n__se_sys_shutdown net/socket.c:2349 [inline]\n__x64_sys_shutdown+0x50/0x70 net/socket.c:2349\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\n</TASK>\nDuring SMC fallback process in connect syscall, kernel will\nreplaces TCP with SMC. In order to forward wakeup\nsmc socket waitqueue after fallback, kernel will sets\nclcsk->sk_user_data to origin smc socket in\nsmc_fback_replace_callbacks().\nLater, in shutdown syscall, kernel will calls\nsk_psock_get(), which treats the clcsk->sk_user_data\nas psock type, triggering the refcnt warning.\nSo, the root cause is that smc and psock, both will use\nsk_user_data field. So they will mismatch this field\neasily.\nThis patch solves it by using another bit(defined as\nSK_USER_DATA_PSOCK) in PTRMASK, to mark whether\nsk_user_data points to a psock object or not.\nThis patch depends on a PTRMASK introduced in commit f1ff5ce2cd5e\n(\"net, sk_msg: Clear sk_user_data pointer on clone if tagged\").\nFor there will possibly be more flags in the sk_user_data field,\nthis patch also refactor sk_user_data flags code to be more generic\nto improve its maintainability."], "name": "CVE-2022-49979", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49979\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49979\nhttps://lore.kernel.org/linux-cve-announce/2025061820-CVE-2022-49979-f695@gregkh/T"], "threat_severity": "Low"}

{"created": "2025-06-23T08:36:34.169188+00:00", "updated": "2025-06-23T08:36:34.169227+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}