Executive Summary

Informations
Name CVE-2022-49303 First vendor Publication 2025-02-26
Vendor Cve Last vendor Modification 2025-04-14

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle

There is a deadlock in rtw_joinbss_event_prehandle(), which is shown below:

(Thread 1) | (Thread 2)
| _set_timer() rtw_joinbss_event_prehandle()| mod_timer()
spin_lock_bh() //(1) | (wait a time)
... | rtw_join_timeout_handler()
| _rtw_join_timeout_handler()
del_timer_sync() | spin_lock_bh() //(2)
(wait timer to stop) | ...

We hold pmlmepriv->lock in position (1) of thread 1 and use del_timer_sync() to wait timer to stop, but timer handler also need pmlmepriv->lock in position (2) of thread 2. As a result, rtw_joinbss_event_prehandle() will block forever.

This patch extracts del_timer_sync() from the protection of spin_lock_bh(), which could let timer handler to obtain the needed lock. What`s more, we change spin_lock_bh() to spin_lock_irq() in _rtw_join_timeout_handler() in order to prevent deadlock.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49303

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-667 Insufficient Locking

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3539

Sources (Detail)

https://git.kernel.org/stable/c/0fcddf9c7c10202946d5b19409efbdff744fba88
https://git.kernel.org/stable/c/25cf414b0610fea29d8e045f315648d9007c9a46
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2025-06-26 02:09:30
  • Multiple Updates
2025-06-25 12:22:20
  • Multiple Updates
2025-06-24 02:14:06
  • Multiple Updates
2025-05-27 13:23:25
  • Multiple Updates
2025-05-27 02:09:59
  • Multiple Updates
2025-02-26 17:20:32
  • First insertion