CVE-2022-50833

EPSS 0.02%
Veröffentlicht 30.12.2025 12:10:54
Zuletzt bearbeitet 31.12.2025 20:43:05
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works

syzbot is reporting attempt to schedule hdev->cmd_work work from system_wq
WQ into hdev->workqueue WQ which is under draining operation [1], for
commit c8efcc2589464ac7 ("workqueue: allow chained queueing during
destruction") does not allow such operation.

The check introduced by commit 877afadad2dce8aa ("Bluetooth: When HCI work
queue is drained, only queue chained work") was incomplete.

Use hdev->workqueue WQ when queuing hdev->{cmd,ncmd}_timer works because
hci_{cmd,ncmd}_timeout() calls queue_work(hdev->workqueue). Also, protect
the queuing operation with RCU read lock in order to avoid calling
queue_delayed_work() after cancel_delayed_work() completed.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < c4635cf3d845a7324c25c52d549b70c8bd7ad4c7

Version 3b382555706558f5c0587862b6dc03e96a252bba

Status affected

Version < 3c6b036fe5c8ed8b6c4cbdc03605929882907ef0

Version 877afadad2dce8aae1f2aad8ce47e072d4f6165e

Status affected

Version < deee93d13d385103205879a8a0915036ecd83261

Version 877afadad2dce8aae1f2aad8ce47e072d4f6165e

Status affected

Version 4bf367fa1fefabdf14938d0ac9ed60020389112e

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.0

Status affected

Version < 6.0

Version 0

Status unaffected

Version <= 5.19.*

Version 5.19.15

Status unaffected

Version <= 6.0.*

Version 6.0.1

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/c4635cf3d845a7324c25c52d549b70c8bd7ad4c7

https://git.kernel.org/stable/c/3c6b036fe5c8ed8b6c4cbdc03605929882907ef0

https://git.kernel.org/stable/c/deee93d13d385103205879a8a0915036ecd83261

https://nvd.nist.gov/vuln/detail/CVE-2022-50833

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50833

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50833

EUVD