Vulnerability Database

296,869

Total vulnerabilities in the database

CVE-2022-49311

In the Linux kernel, the following vulnerability has been resolved:

drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()

There is a deadlock in rtw_joinbss_event_prehandle(), which is shown below:

(Thread 1) | (Thread 2) | _set_timer() rtw_joinbss_event_prehandle()| mod_timer() spin_lock_bh() //(1) | (wait a time) ... | _rtw_join_timeout_handler() del_timer_sync() | spin_lock_bh() //(2) (wait timer to stop) | ...

We hold pmlmepriv->lock in position (1) of thread 1 and use del_timer_sync() to wait timer to stop, but timer handler also need pmlmepriv->lock in position (2) of thread 2. As a result, rtw_joinbss_event_prehandle() will block forever.

This patch extracts del_timer_sync() from the protection of spin_lock_bh(), which could let timer handler to obtain the needed lock. What`s more, we change spin_lock_bh() to spin_lock_irq() in _rtw_join_timeout_handler() in order to prevent deadlock.

  • Published: Feb 26, 2025
  • Updated: May 4, 2025
  • CVE: CVE-2022-49311
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 5.18 5.18.4
linux / linux_kernel 5.16 5.17.15
linux / linux_kernel - 5.15.47