CVE-2022-50044
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
18/06/2025
Last modified:
13/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: qrtr: start MHI channel after endpoit creation<br />
<br />
MHI channel may generates event/interrupt right after enabling.<br />
It may leads to 2 race conditions issues.<br />
<br />
1)<br />
Such event may be dropped by qcom_mhi_qrtr_dl_callback() at check:<br />
<br />
if (!qdev || mhi_res->transaction_status)<br />
return;<br />
<br />
Because dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at<br />
this moment. In this situation qrtr-ns will be unable to enumerate<br />
services in device.<br />
---------------------------------------------------------------<br />
<br />
2)<br />
Such event may come at the moment after dev_set_drvdata() and<br />
before qrtr_endpoint_register(). In this case kernel will panic with<br />
accessing wrong pointer at qcom_mhi_qrtr_dl_callback():<br />
<br />
rc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr,<br />
mhi_res->bytes_xferd);<br />
<br />
Because endpoint is not created yet.<br />
--------------------------------------------------------------<br />
So move mhi_prepare_for_transfer_autoqueue after endpoint creation<br />
to fix it.
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.63 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.19.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page