CVE-2022-50339
EUVD-2022-5562316.09.2025, 17:15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() syzbot is again reporting attempt to cancel uninitialized work at mgmt_index_removed() [1], for setting of HCI_MGMT flag from mgmt_init_hdev() from hci_mgmt_cmd() from hci_sock_sendmsg() can race with testing of HCI_MGMT flag from mgmt_index_removed() from hci_sock_bind() due to lack of serialization via hci_dev_lock(). Since mgmt_init_hdev() is called with mgmt_chan_list_lock held, we can safely split hci_dev_test_and_set_flag() into hci_dev_test_flag() and hci_dev_set_flag(). Thus, in order to close this race, set HCI_MGMT flag after INIT_DELAYED_WORK() completed. This is a local fix based on mgmt_chan_list_lock. Lack of serialization via hci_dev_lock() might be causing different race conditions somewhere else. But a global fix based on hci_dev_lock() should deserve a future patch.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 6.0 ≤ 𝑥 < 6.0.3 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||
|---|---|---|---|
| cluster-md-kmp-default |
| ||
| dlm-kmp-default |
| ||
| gfs2-kmp-default |
| ||
| kernel-64kb |
| ||
| kernel-default |
| ||
| kernel-default-base |
| ||
| kernel-docs |
| ||
| kernel-macros |
| ||
| kernel-obs-build |
| ||
| kernel-source |
| ||
| kernel-syms |
| ||
| kernel-zfcpdump |
| ||
| ocfs2-kmp-default |
| ||
| reiserfs-kmp-default |
|