CVE-2022-50833

NONE EPSS 9.7%
Published Dec 30, 20256mo ago · Modified Jun 17, 20261w ago
Find Similar
Published Dec 30, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works syzbot is reporting attempt to schedule hdev->cmd_work work from system_wq WQ into hdev->workqueue WQ which is under draining operation [1], for commit c8efcc2589464ac7 ("workqueue: allow chained queueing during destruction") does not allow such operation. The check introduced by commit 877afadad2dce8aa ("Bluetooth: When HCI work queue is drained, only queue chained work") was incomplete. Use hdev->workqueue WQ when queuing hdev->{cmd,ncmd}_timer works because hci_{cmd,ncmd}_timeout() calls queue_work(hdev->workqueue). Also, protect the queuing operation with RCU read lock in order to avoid calling queue_delayed_work() after cancel_delayed_work() completed.

Threat Intelligence

EPSS Exploit Probability
9.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 3

  • git.kernel.org https://git.kernel.org/stable/c/3c6b036fe5c8ed8b6c4cbdc03605929882907ef0
  • git.kernel.org https://git.kernel.org/stable/c/c4635cf3d845a7324c25c52d549b70c8bd7ad4c7
  • git.kernel.org https://git.kernel.org/stable/c/deee93d13d385103205879a8a0915036ecd83261

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.