CVE-2022-50833

Published: Dec 30, 2025

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works syzbot is reporting attempt to schedule hdev->cmd_work work from system_wq WQ into hdev->workqueue WQ which is under draining operation [1], for commit c8efcc2589464ac7 ("workqueue: allow chained queueing during destruction") does not allow such operation. The check introduced by commit 877afadad2dce8aa ("Bluetooth: When HCI work queue is drained, only queue chained work") was incomplete. Use hdev->workqueue WQ when queuing hdev->{cmd,ncmd}_timer works because hci_{cmd,ncmd}_timeout() calls queue_work(hdev->workqueue). Also, protect the queuing operation with RCU read lock in order to avoid calling queue_delayed_work() after cancel_delayed_work() completed.

Vendor	Product	Versions
Linux	Linux	affected `3b382555706558f5c0587862b6dc03e96a252bba - < c4635cf3d845a7324c25c52d549b70c8bd7ad4c7` affected `877afadad2dce8aae1f2aad8ce47e072d4f6165e - < 3c6b036fe5c8ed8b6c4cbdc03605929882907ef0` affected `877afadad2dce8aae1f2aad8ce47e072d4f6165e - < deee93d13d385103205879a8a0915036ecd83261` affected `4bf367fa1fefabdf14938d0ac9ed60020389112e` affected `5.19.2 - < 5.19.15` +1 more versions
Linux	Linux	affected `6.0` unaffected `0 - < 6.0` unaffected `5.19.15 - <= 5.19.` unaffected `6.0.1 - <= 6.0.` unaffected `6.1 - <= *`

References

https://git.kernel.org/stable/c/c4635cf3d845a7324c25c52d549b70c8bd7ad4c7

https://git.kernel.org/stable/c/3c6b036fe5c8ed8b6c4cbdc03605929882907ef0

https://git.kernel.org/stable/c/deee93d13d385103205879a8a0915036ecd83261

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-50833

Description

Affected Products

References