CVE-2022-50166

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel's Bluetooth functionality has been identified. When the HCI work queue is drained, only queue chained work is allowed, but another delayed work can still queue commands to this drained workqueue, resulting in an error. This issue can cause a deadlock and has been observed with an error report indicating a command timeout. The vulnerability affects the HCI command, event, and data packet processing workqueue.

Recommendations To fix this issue, a new HCI DRAIN WQ flag can be added to prevent queuing the timeout workqueue while the command workqueue is draining. At the moment, there is no information about a newer version that contains a fix for this vulnerability.