CVE-2022-49954

Summary

In the Linux kernel, the following vulnerability has been resolved:

Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag

syzbot is reporting hung task at __input_unregister_device() [1], for iforce_close() waiting at wait_event_interruptible() with dev->mutex held is blocking input_disconnect_device() from __input_unregister_device().

It seems that the cause is simply that commit c2b27ef672992a20 ("Input: iforce - wait for command completion when closing the device") forgot to call wake_up() after clear_bit().

Fix this problem by introducing a helper that calls clear_bit() followed by wake_up_all().

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc2b27ef672992a206e5b221b8676972dd840ffa5 < d186c65599bff0222da37b9215784ddfe39f9e1baffected
LinuxLinuxc2b27ef672992a206e5b221b8676972dd840ffa5 < b271090eea3899399e2adcf79c9c95367d472b03affected
LinuxLinuxc2b27ef672992a206e5b221b8676972dd840ffa5 < df1b53bc799d58f79701c465505a206c72ad4ab8affected
LinuxLinuxc2b27ef672992a206e5b221b8676972dd840ffa5 < b533b9d3a0d1327cbb31c201dc8dbbf98c8bfe3caffected
LinuxLinuxc2b27ef672992a206e5b221b8676972dd840ffa5 < 98e01215708b6d416345465c09dce2bd4868c67aaffected
LinuxLinux2.6.33affected
LinuxLinux0 < 2.6.33unaffected
LinuxLinux5.4.213 <= 5.4.*unaffected
LinuxLinux5.10.142 <= 5.10.*unaffected
LinuxLinux5.15.66 <= 5.15.*unaffected
LinuxLinux5.19.8 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References