CVE-2022-50044

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the qrtr (Qualcomm Remote Transport) module. The issue arises when the MHI (Mobile Hardware Interface) channel generates events or interrupts immediately after being enabled, leading to two potential race conditions. The first race condition occurs when an event is dropped by the qcom mhi qrtr dl callback() function because dev set drvdata() has not been performed yet, preventing qrtr-ns from enumerating services in the device. The second race condition happens when an event occurs after dev set drvdata() but before qrtr endpoint register(), causing a kernel panic due to accessing a wrong pointer in qcom mhi qrtr dl callback(). This is because the endpoint has not been created yet.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.