fkie_cve-2022-50044
Vulnerability from fkie_nvd
Published
2025-06-18 11:15
Modified
2025-06-18 13:47
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues. 1) Such event may be dropped by qcom_mhi_qrtr_dl_callback() at check: if (!qdev || mhi_res->transaction_status) return; Because dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at this moment. In this situation qrtr-ns will be unable to enumerate services in device. --------------------------------------------------------------- 2) Such event may come at the moment after dev_set_drvdata() and before qrtr_endpoint_register(). In this case kernel will panic with accessing wrong pointer at qcom_mhi_qrtr_dl_callback(): rc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr, mhi_res->bytes_xferd); Because endpoint is not created yet. -------------------------------------------------------------- So move mhi_prepare_for_transfer_autoqueue after endpoint creation to fix it.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/68a838b84effb7b57ba7d50b1863fc6ae35a54ce
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a1a75f78a2937567946b1b756f82462874b5ca20
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c682fb70a7dfc25b848a4ff3a385b0471b470606
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: start MHI channel after endpoit creation\n\nMHI channel may generates event/interrupt right after enabling.\nIt may leads to 2 race conditions issues.\n\n1)\nSuch event may be dropped by qcom_mhi_qrtr_dl_callback() at check:\n\n\tif (!qdev || mhi_res-\u003etransaction_status)\n\t\treturn;\n\nBecause dev_set_drvdata(\u0026mhi_dev-\u003edev, qdev) may be not performed at\nthis moment. In this situation qrtr-ns will be unable to enumerate\nservices in device.\n---------------------------------------------------------------\n\n2)\nSuch event may come at the moment after dev_set_drvdata() and\nbefore qrtr_endpoint_register(). In this case kernel will panic with\naccessing wrong pointer at qcom_mhi_qrtr_dl_callback():\n\n\trc = qrtr_endpoint_post(\u0026qdev-\u003eep, mhi_res-\u003ebuf_addr,\n\t\t\t\tmhi_res-\u003ebytes_xferd);\n\nBecause endpoint is not created yet.\n--------------------------------------------------------------\nSo move mhi_prepare_for_transfer_autoqueue after endpoint creation\nto fix it."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: qrtr: iniciar canal MHI despu\u00e9s de la creaci\u00f3n del endpoint El canal MHI puede generar un evento/interrupci\u00f3n justo despu\u00e9s de habilitarse. Esto puede provocar dos problemas de condiciones de ejecuci\u00f3n. 1) Dicho evento puede ser descartado por qcom_mhi_qrtr_dl_callback() en la comprobaci\u00f3n: if (!qdev || mhi_res-\u0026gt;transaction_status) return; Porque dev_set_drvdata(\u0026amp;mhi_dev-\u0026gt;dev, qdev) puede no ejecutarse en este momento. En esta situaci\u00f3n, qrtr-ns no podr\u00e1 enumerar los servicios en el dispositivo. --------------------------------------------------------------- 2) Dicho evento puede ocurrir despu\u00e9s de dev_set_drvdata() y antes de qrtr_endpoint_register(). En este caso, el kernel entrar\u00e1 en p\u00e1nico al acceder al puntero incorrecto en qcom_mhi_qrtr_dl_callback(): rc = qrtr_endpoint_post(\u0026amp;qdev-\u0026gt;ep, mhi_res-\u0026gt;buf_addr, mhi_res-\u0026gt;bytes_xferd); Porque el endpoint a\u00fan no se ha creado. -------------------------------------------------------------- Por lo tanto, mueva mhi_prepare_for_transfer_autoqueue despu\u00e9s de la creaci\u00f3n del endpoint para solucionarlo."
    }
  ],
  "id": "CVE-2022-50044",
  "lastModified": "2025-06-18T13:47:40.833",
  "metrics": {},
  "published": "2025-06-18T11:15:32.897",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/68a838b84effb7b57ba7d50b1863fc6ae35a54ce"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a1a75f78a2937567946b1b756f82462874b5ca20"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c682fb70a7dfc25b848a4ff3a385b0471b470606"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.