CVE-2022-49303

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle<br /> <br /> There is a deadlock in rtw_joinbss_event_prehandle(), which is shown below:<br /> <br /> (Thread 1) | (Thread 2)<br /> | _set_timer()<br /> rtw_joinbss_event_prehandle()| mod_timer()<br /> spin_lock_bh() //(1) | (wait a time)<br /> ... | rtw_join_timeout_handler()<br /> | _rtw_join_timeout_handler()<br /> del_timer_sync() | spin_lock_bh() //(2)<br /> (wait timer to stop) | ...<br /> <br /> We hold pmlmepriv-&gt;lock in position (1) of thread 1 and<br /> use del_timer_sync() to wait timer to stop, but timer handler<br /> also need pmlmepriv-&gt;lock in position (2) of thread 2.<br /> As a result, rtw_joinbss_event_prehandle() will block forever.<br /> <br /> This patch extracts del_timer_sync() from the protection of<br /> spin_lock_bh(), which could let timer handler to obtain<br /> the needed lock. What`s more, we change spin_lock_bh() to<br /> spin_lock_irq() in _rtw_join_timeout_handler() in order to<br /> prevent deadlock.