CVE-2022-49304

MEDIUM

Linux Kernel < 4.9.318 - Denial of Service via Deadlock in sa1100_set_termios

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: drivers: tty: serial: Fix deadlock in sa1100_set_termios() There is a deadlock in sa1100_set_termios(), which is shown below: (Thread 1) | (Thread 2) | sa1100_enable_ms() sa1100_set_termios() | mod_timer() spin_lock_irqsave() //(1) | (wait a time) ... | sa1100_timeout() del_timer_sync() | spin_lock_irqsave() //(2) (wait timer to stop) | ... We hold sport->port.lock in position (1) of thread 1 and use del_timer_sync() to wait timer to stop, but timer handler also need sport->port.lock in position (2) of thread 2. As a result, sa1100_set_termios() will block forever. This patch moves del_timer_sync() before spin_lock_irqsave() in order to prevent the deadlock.

References (9)

Core 9

Scores

CVSS v3 5.5
EPSS 0.0019
EPSS Percentile 8.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-667
Status published
Products (29)
linux/Kernel 2.6.12 - 4.9.318linux
linux/Kernel 4.10.0 - 4.14.283linux
linux/Kernel 4.15.0 - 4.19.247linux
linux/Kernel 4.20.0 - 5.4.198linux
linux/Kernel 5.11.0 - 5.15.47linux
linux/Kernel 5.16.0 - 5.17.15linux
linux/Kernel 5.18.0 - 5.18.4linux
linux/Kernel 5.5.0 - 5.10.122linux
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 0976808d0d171ec837d4bd3e9f4ad4a00ab703b8
... and 19 more
Published Feb 26, 2025
Tracked Since Feb 18, 2026