CVE-2022-50044 Information

Jun 19, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

net: qrtr: start MHI channel after endpoit creation

MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues.

Such event may be dropped by qcom_mhi_qrtr_dl_callback() at check:

if (!qdev || mhi_res->transaction_status)
	return;

Because dev_set_drvdata(&mhi_dev->dev qdev) may be not performed at this moment. In this situation qrtr-ns will be unable to enumerate services in device.

Such event may come at the moment after dev_set_drvdata() and before qrtr_endpoint_register(). In this case kernel will panic with accessing wrong pointer at qcom_mhi_qrtr_dl_callback():

rc = qrtr_endpoint_post(&qdev->ep mhi_res->buf_addr
			mhi_res->bytes_xferd);

Because endpoint is not created yet.

So move mhi_prepare_for_transfer_autoqueue after endpoint creation to fix it.

Reference

https://git.kernel.org/stable/c/68a838b84effb7b57ba7d50b1863fc6ae35a54ce https://git.kernel.org/stable/c/a1a75f78a2937567946b1b756f82462874b5ca20 https://git.kernel.org/stable/c/c682fb70a7dfc25b848a4ff3a385b0471b470606

CNNVD-202506-2332 (Published: 2025-06-18)

Share on:

CVE-2022-50044 Information

Description

Because dev_set_drvdata(&mhi_dev->dev qdev) may be not performed at this moment. In this situation qrtr-ns will be unable to enumerate services in device.

Because endpoint is not created yet.

Reference

Related CNNVD