-

CVE-2022-50339

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()

syzbot is again reporting attempt to cancel uninitialized work
at mgmt_index_removed() [1], for setting of HCI_MGMT flag from
mgmt_init_hdev() from hci_mgmt_cmd() from hci_sock_sendmsg() can
race with testing of HCI_MGMT flag from mgmt_index_removed() from
hci_sock_bind() due to lack of serialization via hci_dev_lock().

Since mgmt_init_hdev() is called with mgmt_chan_list_lock held, we can
safely split hci_dev_test_and_set_flag() into hci_dev_test_flag() and
hci_dev_set_flag(). Thus, in order to close this race, set HCI_MGMT flag
after INIT_DELAYED_WORK() completed.

This is a local fix based on mgmt_chan_list_lock. Lack of serialization
via hci_dev_lock() might be causing different race conditions somewhere
else. But a global fix based on hci_dev_lock() should deserve a future
patch.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < e53c6180db8dd09de94e0a3bdf4fef6f5f9dd6e6
Version 3f2893d3c142986aa935821460cb3adb77044722
Status affected
Version < f74ca25d6d6629ffd4fd80a1a73037253b57d06b
Version 3f2893d3c142986aa935821460cb3adb77044722
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.0
Status affected
Version < 6.0
Version 0
Status unaffected
Version <= 6.0.*
Version 6.0.3
Status unaffected
Version <= *
Version 6.1
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String