CVE-2022-49309

MEDIUM

Linux Kernel - Deadlock in rtw_surveydone_event_callback via Improper Locking

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() There is a deadlock in rtw_surveydone_event_callback(), which is shown below: (Thread 1) | (Thread 2) | _set_timer() rtw_surveydone_event_callback()| mod_timer() spin_lock_bh() //(1) | (wait a time) ... | rtw_scan_timeout_handler() del_timer_sync() | spin_lock_bh() //(2) (wait timer to stop) | ... We hold pmlmepriv->lock in position (1) of thread 1 and use del_timer_sync() to wait timer to stop, but timer handler also need pmlmepriv->lock in position (2) of thread 2. As a result, rtw_surveydone_event_callback() will block forever. This patch extracts del_timer_sync() from the protection of spin_lock_bh(), which could let timer handler to obtain the needed lock. What`s more, we change spin_lock_bh() in rtw_scan_timeout_handler() to spin_lock_irq(). Otherwise, spin_lock_bh() will also cause deadlock() in timer handler.

References (6)

Core 6

Scores

CVSS v3 5.5
EPSS 0.0018
EPSS Percentile 8.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-667
Status published
Products (17)
linux/Kernel 4.12.0 - 5.10.237linux
linux/Kernel 5.11.0 - 5.15.47linux
linux/Kernel 5.16.0 - 5.17.15linux
linux/Kernel 5.18.0 - 5.18.4linux
Linux/Linux < 4.12
Linux/Linux 4.12
Linux/Linux 5.10.237 - 5.10.*
Linux/Linux 5.15.47 - 5.15.*
Linux/Linux 5.17.15 - 5.17.*
Linux/Linux 5.18.4 - 5.18.*
... and 7 more
Published Feb 26, 2025
Tracked Since Feb 18, 2026