CVE - CVE-2022-49200

CVE-ID
CVE-2022-49200	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt Fix the following kernel oops in btmtksdio_interrrupt [ 14.339134] btmtksdio_interrupt+0x28/0x54 [ 14.339139] process_sdio_pending_irqs+0x68/0x1a0 [ 14.339144] sdio_irq_work+0x40/0x70 [ 14.339154] process_one_work+0x184/0x39c [ 14.339160] worker_thread+0x228/0x3e8 [ 14.339168] kthread+0x148/0x3ac [ 14.339176] ret_from_fork+0x10/0x30 That happened because hdev->power_on is already called before sdio_set_drvdata which btmtksdio_interrupt handler relies on is not properly set up. The details are shown as the below: hci_register_dev would run queue_work(hdev->req_workqueue, &hdev->power_on) as WQ_HIGHPRI workqueue_struct to complete the power-on sequeunce and thus hci_power_on may run before sdio_set_drvdata is done in btmtksdio_probe. The hci_dev_do_open in hci_power_on would initialize the device and enable the interrupt and thus it is possible that btmtksdio_interrupt is being called right before sdio_set_drvdata is filled out. When btmtksdio_interrupt is being called and sdio_set_drvdata is not filled , the kernel oops is going to happen because btmtksdio_interrupt access an uninitialized pointer.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/4d3d1f2c35a19988d3c5f0ee86038b525e830840 URL:https://git.kernel.org/stable/c/4d3d1f2c35a19988d3c5f0ee86038b525e830840 MISC:https://git.kernel.org/stable/c/6d7be5afbb41c918d2f12f857f8c7efa50500be2 URL:https://git.kernel.org/stable/c/6d7be5afbb41c918d2f12f857f8c7efa50500be2 MISC:https://git.kernel.org/stable/c/70a6cf749d9ff9f463490248322e5343199bc267 URL:https://git.kernel.org/stable/c/70a6cf749d9ff9f463490248322e5343199bc267 MISC:https://git.kernel.org/stable/c/770a97d3f34b801de1b04737b43e02c55118c41a URL:https://git.kernel.org/stable/c/770a97d3f34b801de1b04737b43e02c55118c41a MISC:https://git.kernel.org/stable/c/874eca93966a786eace87fa6dfb206c2dd9519b1 URL:https://git.kernel.org/stable/c/874eca93966a786eace87fa6dfb206c2dd9519b1 MISC:https://git.kernel.org/stable/c/b062a0b9c1dc1ff63094337dccfe1568d5b62023 URL:https://git.kernel.org/stable/c/b062a0b9c1dc1ff63094337dccfe1568d5b62023
Assigning CNA
kernel.org
Date Record Created
20250226	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250226)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)