CVE-2022-49311

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49311
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49311.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49311
Downstream
Related
Published
2025-02-26T02:10:41Z
Modified
2025-10-21T09:59:22.612470Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()
Details

In the Linux kernel, the following vulnerability has been resolved:

drivers: staging: rtl8192bs: Fix deadlock in rtwjoinbssevent_prehandle()

There is a deadlock in rtwjoinbssevent_prehandle(), which is shown below:

(Thread 1) | (Thread 2) | settimer() rtwjoinbsseventprehandle()| modtimer() spinlockbh() //(1) | (wait a time) ... | rtwjointimeouthandler() deltimersync() | spinlockbh() //(2) (wait timer to stop) | ...

We hold pmlmepriv->lock in position (1) of thread 1 and use deltimersync() to wait timer to stop, but timer handler also need pmlmepriv->lock in position (2) of thread 2. As a result, rtwjoinbssevent_prehandle() will block forever.

This patch extracts deltimersync() from the protection of spinlockbh(), which could let timer handler to obtain the needed lock. What`s more, we change spinlockbh() to spinlockirq() in rtwjointimeouthandler() in order to prevent deadlock.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
554c0a3abf216c991c5ebddcdb2c08689ecd290b
Fixed
ae60744d5fad840b9d056d35b4b652d95e755846
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
554c0a3abf216c991c5ebddcdb2c08689ecd290b
Fixed
1f6c99b94ca3caad346876b3e22e3ca3d25bc8ee
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
554c0a3abf216c991c5ebddcdb2c08689ecd290b
Fixed
eca9748d9267a38d532464e3305a38629e9c35a9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
554c0a3abf216c991c5ebddcdb2c08689ecd290b
Fixed
041879b12ddb0c6c83ed9c0bdd10dc82a056f2fc

Affected versions

v4.*

v4.11
v4.11-rc5
v4.11-rc6
v4.11-rc7
v4.11-rc8
v4.12
v4.12-rc1
v4.12-rc2
v4.12-rc3
v4.12-rc4
v4.12-rc5
v4.12-rc6
v4.12-rc7
v4.13
v4.13-rc1
v4.13-rc2
v4.13-rc3
v4.13-rc4
v4.13-rc5
v4.13-rc6
v4.13-rc7
v4.14
v4.14-rc1
v4.14-rc2
v4.14-rc3
v4.14-rc4
v4.14-rc5
v4.14-rc6
v4.14-rc7
v4.14-rc8
v4.15
v4.15-rc1
v4.15-rc2
v4.15-rc3
v4.15-rc4
v4.15-rc5
v4.15-rc6
v4.15-rc7
v4.15-rc8
v4.15-rc9
v4.16
v4.16-rc1
v4.16-rc2
v4.16-rc3
v4.16-rc4
v4.16-rc5
v4.16-rc6
v4.16-rc7
v4.17
v4.17-rc1
v4.17-rc2
v4.17-rc3
v4.17-rc4
v4.17-rc5
v4.17-rc6
v4.17-rc7
v4.18
v4.18-rc1
v4.18-rc2
v4.18-rc3
v4.18-rc4
v4.18-rc5
v4.18-rc6
v4.18-rc7
v4.18-rc8
v4.19
v4.19-rc1
v4.19-rc2
v4.19-rc3
v4.19-rc4
v4.19-rc5
v4.19-rc6
v4.19-rc7
v4.19-rc8
v4.20
v4.20-rc1
v4.20-rc2
v4.20-rc3
v4.20-rc4
v4.20-rc5
v4.20-rc6
v4.20-rc7

v5.*

v5.0
v5.0-rc1
v5.0-rc2
v5.0-rc3
v5.0-rc4
v5.0-rc5
v5.0-rc6
v5.0-rc7
v5.0-rc8
v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.14
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2
v5.18.3
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "digest": {
            "length": 2776.0,
            "function_hash": "3855740063056779416121084603303942797"
        },
        "signature_type": "Function",
        "id": "CVE-2022-49311-27464449",
        "target": {
            "file": "drivers/staging/rtl8723bs/core/rtw_mlme.c",
            "function": "rtw_joinbss_event_prehandle"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@041879b12ddb0c6c83ed9c0bdd10dc82a056f2fc",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 2776.0,
            "function_hash": "3855740063056779416121084603303942797"
        },
        "signature_type": "Function",
        "id": "CVE-2022-49311-3bd4991b",
        "target": {
            "file": "drivers/staging/rtl8723bs/core/rtw_mlme.c",
            "function": "rtw_joinbss_event_prehandle"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f6c99b94ca3caad346876b3e22e3ca3d25bc8ee",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 2776.0,
            "function_hash": "3855740063056779416121084603303942797"
        },
        "signature_type": "Function",
        "id": "CVE-2022-49311-8ac6a808",
        "target": {
            "file": "drivers/staging/rtl8723bs/core/rtw_mlme.c",
            "function": "rtw_joinbss_event_prehandle"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eca9748d9267a38d532464e3305a38629e9c35a9",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "172223227933891095506809584906650542952",
                "287118705702629311559203056403605033769",
                "7469402895797796783819986558899036051",
                "183723281402703106527594683397701408361",
                "331140480606492234305013708248533071053",
                "196289558753906754991450715089900405274",
                "3812825970029137492459930205652602459",
                "160884521953941595683161688917306260707",
                "330677152423135473813853020694374386315",
                "267694050991392000553725660819800897079",
                "105443792990885365883596153136156645729",
                "28173650280103303283822071763978926927"
            ]
        },
        "signature_type": "Line",
        "id": "CVE-2022-49311-93489015",
        "target": {
            "file": "drivers/staging/rtl8723bs/core/rtw_mlme.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@041879b12ddb0c6c83ed9c0bdd10dc82a056f2fc",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 2776.0,
            "function_hash": "3855740063056779416121084603303942797"
        },
        "signature_type": "Function",
        "id": "CVE-2022-49311-d92db38c",
        "target": {
            "file": "drivers/staging/rtl8723bs/core/rtw_mlme.c",
            "function": "rtw_joinbss_event_prehandle"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ae60744d5fad840b9d056d35b4b652d95e755846",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "172223227933891095506809584906650542952",
                "287118705702629311559203056403605033769",
                "7469402895797796783819986558899036051",
                "183723281402703106527594683397701408361",
                "331140480606492234305013708248533071053",
                "196289558753906754991450715089900405274",
                "3812825970029137492459930205652602459",
                "160884521953941595683161688917306260707",
                "330677152423135473813853020694374386315",
                "267694050991392000553725660819800897079",
                "105443792990885365883596153136156645729",
                "28173650280103303283822071763978926927"
            ]
        },
        "signature_type": "Line",
        "id": "CVE-2022-49311-dd509c8d",
        "target": {
            "file": "drivers/staging/rtl8723bs/core/rtw_mlme.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eca9748d9267a38d532464e3305a38629e9c35a9",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "172223227933891095506809584906650542952",
                "287118705702629311559203056403605033769",
                "7469402895797796783819986558899036051",
                "183723281402703106527594683397701408361",
                "331140480606492234305013708248533071053",
                "196289558753906754991450715089900405274",
                "3812825970029137492459930205652602459",
                "160884521953941595683161688917306260707",
                "330677152423135473813853020694374386315",
                "267694050991392000553725660819800897079",
                "105443792990885365883596153136156645729",
                "28173650280103303283822071763978926927"
            ]
        },
        "signature_type": "Line",
        "id": "CVE-2022-49311-de904b7b",
        "target": {
            "file": "drivers/staging/rtl8723bs/core/rtw_mlme.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f6c99b94ca3caad346876b3e22e3ca3d25bc8ee",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "172223227933891095506809584906650542952",
                "287118705702629311559203056403605033769",
                "7469402895797796783819986558899036051",
                "183723281402703106527594683397701408361",
                "331140480606492234305013708248533071053",
                "196289558753906754991450715089900405274",
                "3812825970029137492459930205652602459",
                "160884521953941595683161688917306260707",
                "330677152423135473813853020694374386315",
                "267694050991392000553725660819800897079",
                "105443792990885365883596153136156645729",
                "28173650280103303283822071763978926927"
            ]
        },
        "signature_type": "Line",
        "id": "CVE-2022-49311-fcf3cb1c",
        "target": {
            "file": "drivers/staging/rtl8723bs/core/rtw_mlme.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ae60744d5fad840b9d056d35b4b652d95e755846",
        "deprecated": false
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.12.0
Fixed
5.15.47
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.17.15
Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
5.18.4