DEBIAN-CVE-2022-50044
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-50044
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50044.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-50044
- Upstream
- Published
- 2025-06-18T11:15:32Z
- Modified
- 2025-09-25T03:21:52.429811Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues. 1) Such event may be dropped by qcommhiqrtrdlcallback() at check: if (!qdev || mhires->transactionstatus) return; Because devsetdrvdata(&mhidev->dev, qdev) may be not performed at this moment. In this situation qrtr-ns will be unable to enumerate services in device. --------------------------------------------------------------- 2) Such event may come at the moment after devsetdrvdata() and before qrtrendpointregister(). In this case kernel will panic with accessing wrong pointer at qcommhiqrtrdlcallback(): rc = qrtrendpointpost(&qdev->ep, mhires->bufaddr, mhires->bytesxferd); Because endpoint is not created yet. -------------------------------------------------------------- So move mhipreparefortransfer_autoqueue after endpoint creation to fix it.
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source