{"id":"AZL-70358","summary":"CVE-2022-50166 affecting package kernel 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: When HCI work queue is drained, only queue chained work\n\nThe HCI command, event, and data packet processing workqueue is drained\nto avoid deadlock in commit\n76727c02c1e1 (\"Bluetooth: Call drain_workqueue() before resetting state\").\n\nThere is another delayed work, which will queue command to this drained\nworkqueue. Which results in the following error report:\n\nBluetooth: hci2: command 0x040f tx timeout\nWARNING: CPU: 1 PID: 18374 at kernel/workqueue.c:1438 __queue_work+0xdad/0x1140\nWorkqueue: events hci_cmd_timeout\nRIP: 0010:__queue_work+0xdad/0x1140\nRSP: 0000:ffffc90002cffc60 EFLAGS: 00010093\nRAX: 0000000000000000 RBX: ffff8880b9d3ec00 RCX: 0000000000000000\nRDX: ffff888024ba0000 RSI: ffffffff814e048d RDI: ffff8880b9d3ec08\nRBP: 0000000000000008 R08: 0000000000000000 R09: 00000000b9d39700\nR10: ffffffff814f73c6 R11: 0000000000000000 R12: ffff88807cce4c60\nR13: 0000000000000000 R14: ffff8880796d8800 R15: ffff8880796d8800\nFS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000c0174b4000 CR3: 000000007cae9000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? queue_work_on+0xcb/0x110\n ? lockdep_hardirqs_off+0x90/0xd0\n queue_work_on+0xee/0x110\n process_one_work+0x996/0x1610\n ? pwq_dec_nr_in_flight+0x2a0/0x2a0\n ? rwlock_bug.part.0+0x90/0x90\n ? _raw_spin_lock_irq+0x41/0x50\n worker_thread+0x665/0x1080\n ? process_one_work+0x1610/0x1610\n kthread+0x2e9/0x3a0\n ? kthread_complete_and_exit+0x40/0x40\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e\n\nTo fix this, we can add a new HCI_DRAIN_WQ flag, and don't queue the\ntimeout workqueue while command workqueue is draining.","modified":"2026-04-01T05:21:44.419621Z","published":"2025-06-18T11:15:46Z","upstream":["CVE-2022-50166"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50166"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70358.json"}}],"schema_version":"1.7.5"}