{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50044","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-06-18T10:57:27.399Z","datePublished":"2025-06-18T11:01:45.296Z","dateUpdated":"2026-05-11T19:11:45.868Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:11:45.868Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: start MHI channel after endpoit creation\n\nMHI channel may generates event/interrupt right after enabling.\nIt may leads to 2 race conditions issues.\n\n1)\nSuch event may be dropped by qcom_mhi_qrtr_dl_callback() at check:\n\n\tif (!qdev || mhi_res->transaction_status)\n\t\treturn;\n\nBecause dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at\nthis moment. In this situation qrtr-ns will be unable to enumerate\nservices in device.\n---------------------------------------------------------------\n\n2)\nSuch event may come at the moment after dev_set_drvdata() and\nbefore qrtr_endpoint_register(). In this case kernel will panic with\naccessing wrong pointer at qcom_mhi_qrtr_dl_callback():\n\n\trc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr,\n\t\t\t\tmhi_res->bytes_xferd);\n\nBecause endpoint is not created yet.\n--------------------------------------------------------------\nSo move mhi_prepare_for_transfer_autoqueue after endpoint creation\nto fix it."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/qrtr/mhi.c"],"versions":[{"version":"a2e2cc0dbb1121dfa875da1c04f3dff966fec162","lessThan":"c682fb70a7dfc25b848a4ff3a385b0471b470606","status":"affected","versionType":"git"},{"version":"a2e2cc0dbb1121dfa875da1c04f3dff966fec162","lessThan":"a1a75f78a2937567946b1b756f82462874b5ca20","status":"affected","versionType":"git"},{"version":"a2e2cc0dbb1121dfa875da1c04f3dff966fec162","lessThan":"68a838b84effb7b57ba7d50b1863fc6ae35a54ce","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/qrtr/mhi.c"],"versions":[{"version":"5.11","status":"affected"},{"version":"0","lessThan":"5.11","status":"unaffected","versionType":"semver"},{"version":"5.15.63","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.4","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.19.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c682fb70a7dfc25b848a4ff3a385b0471b470606"},{"url":"https://git.kernel.org/stable/c/a1a75f78a2937567946b1b756f82462874b5ca20"},{"url":"https://git.kernel.org/stable/c/68a838b84effb7b57ba7d50b1863fc6ae35a54ce"}],"title":"net: qrtr: start MHI channel after endpoit creation","x_generator":{"engine":"bippy-1.2.0"}}}}