CVE-2022-49303
Linux Debian vulnerability analysis and mitigation

Overview

CVE-2022-49303 affects the Linux kernel's rtl8192eu driver, specifically the rtw_joinbss_event_prehandle() function. The vulnerability was discovered and resolved in 2022 and involves a deadlock condition in the driver's staging code. The issue affects systems using the RTL8192EU wireless network adapter driver (Kernel Git).

Technical details

The vulnerability stems from a deadlock condition in the rtw_joinbss_event_prehandle() function. The deadlock occurs when Thread 1 holds pmlmepriv->lock and calls del_timer_sync() to wait for the timer handler to finish, while Thread 2 (the timer handler) also needs pmlmepriv->lock before it can return; neither thread can make progress, so Thread 1 blocks forever. The root cause is improper lock handling between spin_lock_bh() sections and timer synchronization (Kernel Git).

Impact

When triggered, this vulnerability causes the rtw_joinbss_event_prehandle() function to block indefinitely, potentially hanging the wireless network functionality of systems using the RTL8192EU driver (Kernel Git).

Mitigation and workarounds

The issue has been fixed by moving the del_timer_sync() call out from under the spin_lock_bh() protection and by changing spin_lock_bh() to spin_lock_irq() in rtw_join_timeout_handler(). Users should update their Linux kernel to a version containing the fix (Kernel Git).
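The lock ordering described in the technical details and the fix described above can be checked mechanically. The following is an added example, not code from the kernel or from the report: a small userspace C interleaving simulator that models the two threads as step lists and explores every schedule, reporting whether any schedule reaches a state in which no thread can proceed. The step names LOCK, DEL_TIMER_SYNC and TIMER_EXIT, the thread programs and the "timer already fired" starting state are modelling assumptions; the simulator captures only the lock-versus-timer ordering and does not model the spin_lock_bh() to spin_lock_irq() change in the handler.

```c
#include <stdbool.h>
#include <stdio.h>

/* Operations a modelled thread can perform (assumed names, not kernel APIs). */
enum op { LOCK, UNLOCK, DEL_TIMER_SYNC, TIMER_EXIT, WORK };

struct thread {
    const enum op *steps; /* program of this thread */
    int nsteps;
    int pc;               /* next step to execute */
};

/* Shared state: the single lock (pmlmepriv->lock in the report) and the timer. */
struct world {
    int lock_owner;      /* -1 when free, else index of the owning thread */
    bool timer_running;  /* handler has fired and has not returned yet (assumed start state) */
};

/* Try to execute thread t's next step; return true if it could advance. */
static bool try_step(struct world *w, struct thread *th, int t)
{
    if (th->pc >= th->nsteps)
        return false;
    switch (th->steps[th->pc]) {
    case LOCK:
        if (w->lock_owner != -1)
            return false;   /* spin_lock_bh() would spin on the held lock */
        w->lock_owner = t;
        break;
    case UNLOCK:
        w->lock_owner = -1;
        break;
    case DEL_TIMER_SYNC:
        if (w->timer_running)
            return false;   /* del_timer_sync() waits for the handler to return */
        break;
    case TIMER_EXIT:
        w->timer_running = false;
        break;
    case WORK:
        break;
    }
    th->pc++;
    return true;
}

/* Explore every interleaving; true if some schedule reaches a state where
 * not all threads have finished and none can take a step (a deadlock). */
static bool deadlock_reachable(struct world w, const struct thread th[2])
{
    bool any_enabled = false, all_finished = true;
    for (int t = 0; t < 2; t++) {
        struct world w2 = w;
        struct thread th2[2] = { th[0], th[1] };
        if (th[t].pc < th[t].nsteps)
            all_finished = false;
        if (try_step(&w2, &th2[t], t)) {
            any_enabled = true;
            if (deadlock_reachable(w2, th2))
                return true;
        }
    }
    return !all_finished && !any_enabled;
}

/* Thread 2 in the report: the timer handler takes the same lock. */
static const enum op timer_handler[] = { LOCK, WORK, UNLOCK, TIMER_EXIT };

/* Thread 1 before the fix: del_timer_sync() is called with the lock held. */
static const enum op prehandle_vulnerable[] = { LOCK, DEL_TIMER_SYNC, WORK, UNLOCK };

/* Thread 1 after the fix: del_timer_sync() moved out from under the lock. */
static const enum op prehandle_fixed[] = { DEL_TIMER_SYNC, LOCK, WORK, UNLOCK };

static int check(const enum op *t1, int n1)
{
    struct world w = { .lock_owner = -1, .timer_running = true };
    struct thread th[2] = {
        { t1, n1, 0 },
        { timer_handler, 4, 0 },
    };
    return deadlock_reachable(w, th) ? 1 : 0;
}

/* 1 if the pre-fix ordering can deadlock under some schedule, else 0. */
int vulnerable_pattern_deadlocks(void)
{
    return check(prehandle_vulnerable, 4);
}

/* 1 if the fixed ordering can deadlock under some schedule, else 0. */
int fixed_pattern_deadlocks(void)
{
    return check(prehandle_fixed, 4);
}

int main(void)
{
    printf("pre-fix ordering can deadlock: %d\n", vulnerable_pattern_deadlocks());
    printf("fixed ordering can deadlock:   %d\n", fixed_pattern_deadlocks());
    return 0;
}
```

The pre-fix program deadlocks on the schedule where Thread 1 takes the lock first: Thread 1 then waits in DEL_TIMER_SYNC for the handler, and the handler waits in LOCK for Thread 1. Reordering Thread 1 so the wait happens before the lock is taken removes that cycle in every schedule, which is the property the kernel fix relies on.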

This report was generated using AI.
