CVE-2022-50044
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: qrtr: start MHI channel after endpoit creation
MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues.
Such event may be dropped by qcom_mhi_qrtr_dl_callback() at check:
if (!qdev || mhi_res->transaction_status)
return;
Because dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at this moment. In this situation qrtr-ns will be unable to enumerate services in device.
Such event may come at the moment after dev_set_drvdata() and before qrtr_endpoint_register(). In this case kernel will panic with accessing wrong pointer at qcom_mhi_qrtr_dl_callback():
rc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr,
mhi_res->bytes_xferd);
Because endpoint is not created yet.
So move mhi_prepare_for_transfer_autoqueue after endpoint creation to fix it.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a2e2cc0dbb1121dfa875da1c04f3dff966fec162 < c682fb70a7dfc25b848a4ff3a385b0471b470606 | affected |
| Linux | Linux | a2e2cc0dbb1121dfa875da1c04f3dff966fec162 < a1a75f78a2937567946b1b756f82462874b5ca20 | affected |
| Linux | Linux | a2e2cc0dbb1121dfa875da1c04f3dff966fec162 < 68a838b84effb7b57ba7d50b1863fc6ae35a54ce | affected |
| Linux | Linux | 5.11 | affected |
| Linux | Linux | 0 < 5.11 | unaffected |
| Linux | Linux | 5.15.63 <= 5.15.* | unaffected |
| Linux | Linux | 5.19.4 <= 5.19.* | unaffected |
| Linux | Linux | 6.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/c682fb70a7dfc25b848a4ff3a385b0471b470606
- https://git.kernel.org/stable/c/a1a75f78a2937567946b1b756f82462874b5ca20
- https://git.kernel.org/stable/c/68a838b84effb7b57ba7d50b1863fc6ae35a54ce
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.