CVE-2022-50044

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-50044

4.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

I

n the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues. 1) Such event may be dropped by qcom_mhi_qrtr_dl_callback() at check: if (!qdev || mhi_res->transaction_status) return; Because dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at this moment. In this situation qrtr-ns will be unable to enumerate services in device. --------------------------------------------------------------- 2) Such event may come at the moment after dev_set_drvdata() and before qrtr_endpoint_register(). In this case kernel will panic with accessing wrong pointer at qcom_mhi_qrtr_dl_callback(): rc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr, mhi_res->bytes_xferd); Because endpoint is not created yet. -------------------------------------------------------------- So move mhi_prepare_for_transfer_autoqueue after endpoint creation to fix it.

References
Link Resource
https://git.kernel.org/stable/c/68a838b84effb7b57ba7d50b1863fc6ae35a54ce Patch
https://git.kernel.org/stable/c/a1a75f78a2937567946b1b756f82462874b5ca20 Patch
https://git.kernel.org/stable/c/c682fb70a7dfc25b848a4ff3a385b0471b470606 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
History

13 Nov 2025, 18:32

Type Values Removed Values Added
First Time Linux linux Kernel
Linux
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: qrtr: iniciar canal MHI después de la creación del endpoint El canal MHI puede generar un evento/interrupción justo después de habilitarse. Esto puede provocar dos problemas de condiciones de ejecución. 1) Dicho evento puede ser descartado por qcom_mhi_qrtr_dl_callback() en la comprobación: if (!qdev || mhi_res->transaction_status) return; Porque dev_set_drvdata(&mhi_dev->dev, qdev) puede no ejecutarse en este momento. En esta situación, qrtr-ns no podrá enumerar los servicios en el dispositivo. --------------------------------------------------------------- 2) Dicho evento puede ocurrir después de dev_set_drvdata() y antes de qrtr_endpoint_register(). En este caso, el kernel entrará en pánico al acceder al puntero incorrecto en qcom_mhi_qrtr_dl_callback(): rc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr, mhi_res->bytes_xferd); Porque el endpoint aún no se ha creado. -------------------------------------------------------------- Por lo tanto, mueva mhi_prepare_for_transfer_autoqueue después de la creación del endpoint para solucionarlo.
References () https://git.kernel.org/stable/c/68a838b84effb7b57ba7d50b1863fc6ae35a54ce - () https://git.kernel.org/stable/c/68a838b84effb7b57ba7d50b1863fc6ae35a54ce - Patch
References () https://git.kernel.org/stable/c/a1a75f78a2937567946b1b756f82462874b5ca20 - () https://git.kernel.org/stable/c/a1a75f78a2937567946b1b756f82462874b5ca20 - Patch
References () https://git.kernel.org/stable/c/c682fb70a7dfc25b848a4ff3a385b0471b470606 - () https://git.kernel.org/stable/c/c682fb70a7dfc25b848a4ff3a385b0471b470606 - Patch
CWE CWE-362
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.7

18 Jun 2025, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-18 11:15

Updated : 2025-11-13 18:32

NVD link : CVE-2022-50044

Mitre link : CVE-2022-50044

CVE.ORG link : CVE-2022-50044

JSON object : View

Products Affected

linux

CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')