| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061811-CVE-2022-49954-97f4@gregkh>
Date: Wed, 18 Jun 2025 13:00:19 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-49954: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
syzbot is reporting hung task at __input_unregister_device() [1], for
iforce_close() waiting at wait_event_interruptible() with dev->mutex held
is blocking input_disconnect_device() from __input_unregister_device().
It seems that the cause is simply that commit c2b27ef672992a20 ("Input:
iforce - wait for command completion when closing the device") forgot to
call wake_up() after clear_bit().
Fix this problem by introducing a helper that calls clear_bit() followed
by wake_up_all().
The Linux kernel CVE team has assigned CVE-2022-49954 to this issue.
Affected and fixed versions
===========================
Issue introduced in 2.6.33 with commit c2b27ef672992a206e5b221b8676972dd840ffa5 and fixed in 5.4.213 with commit d186c65599bff0222da37b9215784ddfe39f9e1b
Issue introduced in 2.6.33 with commit c2b27ef672992a206e5b221b8676972dd840ffa5 and fixed in 5.10.142 with commit b271090eea3899399e2adcf79c9c95367d472b03
Issue introduced in 2.6.33 with commit c2b27ef672992a206e5b221b8676972dd840ffa5 and fixed in 5.15.66 with commit df1b53bc799d58f79701c465505a206c72ad4ab8
Issue introduced in 2.6.33 with commit c2b27ef672992a206e5b221b8676972dd840ffa5 and fixed in 5.19.8 with commit b533b9d3a0d1327cbb31c201dc8dbbf98c8bfe3c
Issue introduced in 2.6.33 with commit c2b27ef672992a206e5b221b8676972dd840ffa5 and fixed in 6.0 with commit 98e01215708b6d416345465c09dce2bd4868c67a
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-49954
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/input/joystick/iforce/iforce-serio.c
drivers/input/joystick/iforce/iforce-usb.c
drivers/input/joystick/iforce/iforce.h
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/d186c65599bff0222da37b9215784ddfe39f9e1b
https://git.kernel.org/stable/c/b271090eea3899399e2adcf79c9c95367d472b03
https://git.kernel.org/stable/c/df1b53bc799d58f79701c465505a206c72ad4ab8
https://git.kernel.org/stable/c/b533b9d3a0d1327cbb31c201dc8dbbf98c8bfe3c
https://git.kernel.org/stable/c/98e01215708b6d416345465c09dce2bd4868c67a
Powered by blists - more mailing lists