fkie_cve-2022-49555
Vulnerability from fkie_nvd
Published
2025-02-26 07:01
Modified
2025-02-26 07:01
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_qca: Use del_timer_sync() before freeing
While looking at a crash report on a timer list being corrupted, which
usually happens when a timer is freed while still active. This is
commonly triggered by code calling del_timer() instead of
del_timer_sync() just before freeing.
One possible culprit is the hci_qca driver, which does exactly that.
Eric mentioned that wake_retrans_timer could be rearmed via the work
queue, so also move the destruction of the work queue before
del_timer_sync().
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_qca: Use del_timer_sync() before freeing\n\nWhile looking at a crash report on a timer list being corrupted, which\nusually happens when a timer is freed while still active. This is\ncommonly triggered by code calling del_timer() instead of\ndel_timer_sync() just before freeing.\n\nOne possible culprit is the hci_qca driver, which does exactly that.\n\nEric mentioned that wake_retrans_timer could be rearmed via the work\nqueue, so also move the destruction of the work queue before\ndel_timer_sync()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: hci_qca: usar del_timer_sync() antes de liberar Al mirar un informe de fallas en una lista de temporizadores que se est\u00e1 corrompiendo, lo que generalmente sucede cuando se libera un temporizador mientras a\u00fan est\u00e1 activo. Esto se activa com\u00fanmente por el c\u00f3digo que llama a del_timer() en lugar de del_timer_sync() justo antes de liberar. Un posible culpable es el controlador hci_qca, que hace exactamente eso. Eric mencion\u00f3 que wake_retrans_timer podr\u00eda volver a armarse a trav\u00e9s de la cola de trabajo, as\u00ed que tambi\u00e9n mueva la destrucci\u00f3n de la cola de trabajo antes de del_timer_sync()."
}
],
"id": "CVE-2022-49555",
"lastModified": "2025-02-26T07:01:31.313",
"metrics": {},
"published": "2025-02-26T07:01:31.313",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/2717654ae022e6ea959a4b7b762702fe1a4690c2"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/37d17f63d085d601011964ade7371aeebeb6ed4b"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/4989bb03342941f2b730b37dfa38bce27b543661"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/72ef98445aca568a81c2da050532500a8345ad3a"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/db03727b4bbbbb36e6ef4cb655c670eefb6448e9"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…