CVE-2022-50044
Vulnerability Summary
Timeline
Description
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues. 1) Such event may be dropped by qcom_mhi_qrtr_dl_callback() at check: if (!qdev || mhi_res->transaction_status) return; Because dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at this moment. In this situation qrtr-ns will be unable to enumerate services in device. --------------------------------------------------------------- 2) Such event may come at the moment after dev_set_drvdata() and before qrtr_endpoint_register(). In this case kernel will panic with accessing wrong pointer at qcom_mhi_qrtr_dl_callback(): rc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr, mhi_res->bytes_xferd); Because endpoint is not created yet. -------------------------------------------------------------- So move mhi_prepare_for_transfer_autoqueue after endpoint creation to fix it.
CVSS Metrics
- v3.1•MEDIUM•Score: 4.7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.04%• Percentile: 12%
Techniques & Countermeasures
- CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Affected Systems
- linux•linux
≥ a2e2cc0dbb1121dfa875da1c04f3dff966fec162, < c682fb70a7dfc25b848a4ff3a385b0471b470606 | ≥ a2e2cc0dbb1121dfa875da1c04f3dff966fec162, < a1a75f78a2937567946b1b756f82462874b5ca20 | ≥ a2e2cc0dbb1121dfa875da1c04f3dff966fec162, < 68a838b84effb7b57ba7d50b1863fc6ae35a54ce | 5.11
- linux•linux_kernel
≥ 5.11, < 5.15.63 | ≥ 5.16, < 5.19.4 | 6.0:rc1