{"id":"CVE-2022-50044","summary":"net: qrtr: start MHI channel after endpoit creation","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: start MHI channel after endpoit creation\n\nMHI channel may generates event/interrupt right after enabling.\nIt may leads to 2 race conditions issues.\n\n1)\nSuch event may be dropped by qcom_mhi_qrtr_dl_callback() at check:\n\n\tif (!qdev || mhi_res-\u003etransaction_status)\n\t\treturn;\n\nBecause dev_set_drvdata(&mhi_dev-\u003edev, qdev) may be not performed at\nthis moment. In this situation qrtr-ns will be unable to enumerate\nservices in device.\n---------------------------------------------------------------\n\n2)\nSuch event may come at the moment after dev_set_drvdata() and\nbefore qrtr_endpoint_register(). In this case kernel will panic with\naccessing wrong pointer at qcom_mhi_qrtr_dl_callback():\n\n\trc = qrtr_endpoint_post(&qdev-\u003eep, mhi_res-\u003ebuf_addr,\n\t\t\t\tmhi_res-\u003ebytes_xferd);\n\nBecause endpoint is not created yet.\n--------------------------------------------------------------\nSo move mhi_prepare_for_transfer_autoqueue after endpoint creation\nto fix it.","modified":"2026-04-11T12:44:49.980308Z","published":"2025-06-18T11:01:45.296Z","related":["SUSE-SU-2025:02264-1","SUSE-SU-2025:02321-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50044.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/68a838b84effb7b57ba7d50b1863fc6ae35a54ce"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a1a75f78a2937567946b1b756f82462874b5ca20"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c682fb70a7dfc25b848a4ff3a385b0471b470606"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50044.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50044"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a2e2cc0dbb1121dfa875da1c04f3dff966fec162"},{"fixed":"c682fb70a7dfc25b848a4ff3a385b0471b470606"},{"fixed":"a1a75f78a2937567946b1b756f82462874b5ca20"},{"fixed":"68a838b84effb7b57ba7d50b1863fc6ae35a54ce"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50044.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.63"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"5.19.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50044.json"}}],"schema_version":"1.7.5"}