CVE-2022-49303

MEDIUM

Linux Kernel < 5.18.4 - Deadlock via rtw_joinbss_event_prehandle Timer Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle

There is a deadlock in rtw_joinbss_event_prehandle(), which is shown below:

   (Thread 1)                 |      (Thread 2)
                              | _set_timer()
rtw_joinbss_event_prehandle() |  mod_timer()
 spin_lock_bh() //(1)         |  (wait a time)
 ...                          | rtw_join_timeout_handler()
                              |  _rtw_join_timeout_handler()
 del_timer_sync()             |   spin_lock_bh() //(2)
 (wait timer to stop)         |   ...

We hold pmlmepriv->lock in position (1) of thread 1 and use del_timer_sync() to wait for the timer to stop, but the timer handler also needs pmlmepriv->lock in position (2) of thread 2. As a result, rtw_joinbss_event_prehandle() will block forever.

This patch extracts del_timer_sync() from the protection of spin_lock_bh(), which could let the timer handler obtain the needed lock. What's more, we change spin_lock_bh() to spin_lock_irq() in _rtw_join_timeout_handler() in order to prevent deadlock.
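The lock ordering described above, as an added userspace model that is not the driver's code or the upstream patch. It assumes a pthread mutex standing in for pmlmepriv->lock, a thread for the timer handler and pthread_join() for del_timer_sync(); all function names are hypothetical, and the handler uses a timed lock so the model reports the stall instead of hanging.

```c
/* Constructed userspace model of the lock ordering; not kernel code. */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdio.h>
#include <time.h>

static pthread_mutex_t mlme_lock = PTHREAD_MUTEX_INITIALIZER;

/* Stand-in for the timer handler, which needs the lock at position (2).
 * It gives up after 200 ms; the real handler would spin forever. */
static void *join_timeout_handler(void *got_lock)
{
    struct timespec dl;
    clock_gettime(CLOCK_REALTIME, &dl);
    dl.tv_nsec += 200 * 1000 * 1000;
    if (dl.tv_nsec >= 1000000000L) { dl.tv_sec++; dl.tv_nsec -= 1000000000L; }
    if (pthread_mutex_timedlock(&mlme_lock, &dl) == 0) {
        *(int *)got_lock = 1;
        pthread_mutex_unlock(&mlme_lock);
    }
    return NULL;
}

/* Returns 1 if the handler obtained the lock, 0 if it stalled (the point
 * where the driver would deadlock), -1 if the thread could not be started. */
static int joinbss_prehandle(int drop_lock_before_sync)
{
    pthread_t timer;
    int got_lock = 0;
    pthread_mutex_lock(&mlme_lock);              /* position (1) */
    if (pthread_create(&timer, NULL, join_timeout_handler, &got_lock) != 0) {
        pthread_mutex_unlock(&mlme_lock);
        return -1;
    }
    if (!drop_lock_before_sync) {
        pthread_join(timer, NULL);               /* sync wait under the lock */
        pthread_mutex_unlock(&mlme_lock);
    } else {
        pthread_mutex_unlock(&mlme_lock);        /* ordering after the fix */
        pthread_join(timer, NULL);               /* handler can now finish */
    }
    return got_lock;
}

int main(void)
{
    printf("sync under lock:   handler got lock = %d\n", joinbss_prehandle(0));
    printf("sync after unlock: handler got lock = %d\n", joinbss_prehandle(1));
    return 0;
}
```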

Scores

CVSS v3 5.5
EPSS 0.0016
EPSS Percentile 5.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-667
Status published
Products (8)
linux/Kernel 5.15.0 - 5.18.4 linux
Linux/Linux < 5.15
Linux/Linux 15865124feed880978b79839c756ef6cbb4ec6b3 - 0fcddf9c7c10202946d5b19409efbdff744fba88
Linux/Linux 15865124feed880978b79839c756ef6cbb4ec6b3 - 25cf414b0610fea29d8e045f315648d9007c9a46
Linux/Linux 5.15
Linux/Linux 5.18.4 - 5.18.*
Linux/Linux 5.19
linux/linux_kernel < 5.18.4
Published Feb 26, 2025
Tracked Since Feb 18, 2026