CVE-2022-48784

My previous fix here to fix the deadlock left a race where the exact same deadlock (see the original commit referenced below) can still happen if cfg80211destroyifaces() already runs while nl80211netlinknotify() is still marking some interfaces as nlownerdead.

The race happens because we have two loops here - first we dev_close() all the netdevs, and then we destroy them. If we also have two netdevs (first one need only be a wdev though) then we can find one during the first iteration, close it, and go to the second iteration -- but then find two, and try to destroy also the one we didn't close yet.

Fix this by only iterating once.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48784.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ea6b2098dd02789f68770fd3d5a373732207be2f

Fixed

241e633cb379c4f332fc1baf2abec95ec840cbeb

Fixed

c979f792a2baf6d0f3419587668a1a6eba46a3d2

Fixed

f0a6fd1527067da537e9c48390237488719948ed

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2e4f97122f3a9df870dfe9671994136448890768

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48784.json"