In the Linux kernel, the following vulnerability has been resolved:
drivers: staging: rtl8192u: Fix deadlock in ieee80211beaconsstop()
There is a deadlock in ieee80211beaconsstop(), which is shown below:
(Thread 1) | (Thread 2) | ieee80211sendbeacon() ieee80211beaconsstop() | modtimer() spinlockirqsave() //(1) | (wait a time) ... | ieee80211sendbeaconcb() deltimersync() | spinlockirqsave() //(2) (wait timer to stop) | ...
We hold ieee->beaconlock in position (1) of thread 1 and use deltimersync() to wait timer to stop, but timer handler also need ieee->beaconlock in position (2) of thread 2. As a result, ieee80211beaconsstop() will block forever.
This patch extracts deltimersync() from the protection of spinlockirqsave(), which could let timer handler to obtain the needed lock.
{ "vanir_signatures": [ { "digest": { "length": 219.0, "function_hash": "162084204473686808988560032162390359480" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fbe033c52480f7954c057510040fa6286c4ea25", "signature_type": "Function", "target": { "function": "ieee80211_beacons_stop", "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-02199f59" }, { "digest": { "line_hashes": [ "42165264800563504709064141245105154257", "335490778857769804395887686304905799588", "326106736010244996026759725804724753821", "182645278139030675419303542750288563867", "314661120644159474893526806436649071869" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@66f769762f65d957f688f3258755c6ec410bf710", "signature_type": "Line", "target": { "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-06ffc459" }, { "digest": { "length": 219.0, "function_hash": "162084204473686808988560032162390359480" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@66f769762f65d957f688f3258755c6ec410bf710", "signature_type": "Function", "target": { "function": "ieee80211_beacons_stop", "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-0a68dc27" }, { "digest": { "length": 219.0, "function_hash": "162084204473686808988560032162390359480" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ffc9cab7243f8151be37966301307bfd3cda2db3", "signature_type": "Function", "target": { "function": "ieee80211_beacons_stop", "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-21b319cb" }, { "digest": { "line_hashes": [ "42165264800563504709064141245105154257", "335490778857769804395887686304905799588", "326106736010244996026759725804724753821", "182645278139030675419303542750288563867", "314661120644159474893526806436649071869" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1fbe033c52480f7954c057510040fa6286c4ea25", "signature_type": "Line", "target": { "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-239b299c" }, { "digest": { "length": 219.0, "function_hash": "162084204473686808988560032162390359480" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042915c1bfedd684c1d98a841794ee203200571a", "signature_type": "Function", "target": { "function": "ieee80211_beacons_stop", "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-2fe9687f" }, { "digest": { "line_hashes": [ "42165264800563504709064141245105154257", "335490778857769804395887686304905799588", "326106736010244996026759725804724753821", "182645278139030675419303542750288563867", "314661120644159474893526806436649071869" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b465bb2ebf666116c1ac745cb80c65154dc0d27e", "signature_type": "Line", "target": { "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-4997a46d" }, { "digest": { "length": 219.0, "function_hash": "162084204473686808988560032162390359480" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b465bb2ebf666116c1ac745cb80c65154dc0d27e", "signature_type": "Function", "target": { "function": "ieee80211_beacons_stop", "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-4b595559" }, { "digest": { "length": 219.0, "function_hash": "162084204473686808988560032162390359480" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b34cb54923a6e5ddefbaf358c85c922c6ab456e2", "signature_type": "Function", "target": { "function": "ieee80211_beacons_stop", "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-5cdaf0a0" }, { "digest": { "line_hashes": [ "42165264800563504709064141245105154257", "335490778857769804395887686304905799588", "326106736010244996026759725804724753821", "182645278139030675419303542750288563867", "314661120644159474893526806436649071869" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ffc9cab7243f8151be37966301307bfd3cda2db3", "signature_type": "Line", "target": { "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-87f34077" }, { "digest": { "line_hashes": [ "42165264800563504709064141245105154257", "335490778857769804395887686304905799588", "326106736010244996026759725804724753821", "182645278139030675419303542750288563867", "314661120644159474893526806436649071869" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042915c1bfedd684c1d98a841794ee203200571a", "signature_type": "Line", "target": { "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-92dd00e6" }, { "digest": { "line_hashes": [ "42165264800563504709064141245105154257", "335490778857769804395887686304905799588", "326106736010244996026759725804724753821", "182645278139030675419303542750288563867", "314661120644159474893526806436649071869" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b34cb54923a6e5ddefbaf358c85c922c6ab456e2", "signature_type": "Line", "target": { "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-b9ccca51" }, { "digest": { "line_hashes": [ "42165264800563504709064141245105154257", "335490778857769804395887686304905799588", "326106736010244996026759725804724753821", "182645278139030675419303542750288563867", "314661120644159474893526806436649071869" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@806c7b53414934ba2a39449b31fd1a038e500273", "signature_type": "Line", "target": { "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-d5b19ae3" }, { "digest": { "length": 219.0, "function_hash": "162084204473686808988560032162390359480" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@806c7b53414934ba2a39449b31fd1a038e500273", "signature_type": "Function", "target": { "function": "ieee80211_beacons_stop", "file": "drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2022-49305-d5cc6782" } ] }