CVE-2022-50833: Race Condition in Linux

CWE-362: Race Condition
7 documents, 6 sources

Severity: 6.6 MEDIUM (no vector)
EPSS: 0.0% (top 93.24%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works

syzbot is reporting attempt to schedule hdev->cmd_work work from system_wq WQ into hdev->workqueue WQ which is under draining operation [1], for commit c8efcc2589464ac7 ("workqueue: allow chained queueing during destruction") does not allow such operation.

The check introduced by commit 877afadad2dce8aa ("Bluetooth: When HCI work queue is drained, only q

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.20.0 | 6.0.1
Debian | linux/linux_kernel | < 6.0.2-1
CVEListV5 | linux/linux | 3b382555706558f5c0587862b6dc03e96a252bba | c4635cf3d845a7324c25c52d549b70c8bd7ad4c7
debian | debian/linux | < linux 6.0.2-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA: GHSA-rxjc-h4m5-gvq8: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works syzbot (2025-12-30)
OSV: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works (2025-12-30)
OSV: CVE-2022-50833: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works syzbot is (2025-12-30)

📋 Vendor Advisories (2)

Red Hat: kernel: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works (2025-12-30)
Debian: CVE-2022-50833: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ... (2022)

🕵️ Threat Intelligence (1)

Wiz: CVE-2022-50833 Impact, Exploitability, and Mitigation Steps | Wiz