Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() syzbot is again reporting attempt to cancel uninitialized work at mgmt_index_removed() [1], for setting of HCI_MGMT flag from mgmt_init_hdev() from hci_mgmt_cmd() from hci_sock_sendmsg() can race with testing of HCI_MGMT flag from mgmt_index_removed() from hci_sock_bind() due to lack of serialization via hci_dev_lock(). Since mgmt_init_hdev() is called with mgmt_chan_list_lock held, we can safely split hci_dev_test_and_set_flag() into hci_dev_test_flag() and hci_dev_set_flag(). Thus, in order to close this race, set HCI_MGMT flag after INIT_DELAYED_WORK() completed. This is a local fix based on mgmt_chan_list_lock. Lack of serialization via hci_dev_lock() might be causing different race conditions somewhere else. But a global fix based on hci_dev_lock() should deserve a future patch.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.0, < 6.0.3 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/e53c6180db8dd09de94e0a3bdf4fef6f5f9dd6e6Patch
- https://git.kernel.org/stable/c/f74ca25d6d6629ffd4fd80a1a73037253b57d06bPatch
FAQ
What is CVE-2022-50339?
CVE-2022-50339 is a vulnerability with a CVSS score of 7.0 (HIGH). In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() syzbot is again reporting attempt to cancel uninitialized work at...
How severe is CVE-2022-50339?
CVE-2022-50339 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-50339?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.