CVE-2022-49954

Description

In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], for iforce_close() waiting at wait_event_interruptible() with dev->mutex held is blocking input_disconnect_device() from __input_unregister_device(). It seems that the cause is simply that commit c2b27ef672992a20 ("Input: iforce - wait for command completion when closing the device") forgot to call wake_up() after clear_bit(). Fix this problem by introducing a helper that calls clear_bit() followed by wake_up_all().

Reserved 2025-06-18 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status
unaffected

c2b27ef672992a206e5b221b8676972dd840ffa5 before d186c65599bff0222da37b9215784ddfe39f9e1b
affected

c2b27ef672992a206e5b221b8676972dd840ffa5 before b271090eea3899399e2adcf79c9c95367d472b03
affected

c2b27ef672992a206e5b221b8676972dd840ffa5 before df1b53bc799d58f79701c465505a206c72ad4ab8
affected

c2b27ef672992a206e5b221b8676972dd840ffa5 before b533b9d3a0d1327cbb31c201dc8dbbf98c8bfe3c
affected

c2b27ef672992a206e5b221b8676972dd840ffa5 before 98e01215708b6d416345465c09dce2bd4868c67a
affected

Default status
affected

2.6.33
affected

Any version before 2.6.33
unaffected

5.4.213
unaffected

5.10.142
unaffected

5.15.66
unaffected

5.19.8
unaffected

6.0
unaffected

References

git.kernel.org/...c/d186c65599bff0222da37b9215784ddfe39f9e1b

git.kernel.org/...c/b271090eea3899399e2adcf79c9c95367d472b03

git.kernel.org/...c/df1b53bc799d58f79701c465505a206c72ad4ab8

git.kernel.org/...c/b533b9d3a0d1327cbb31c201dc8dbbf98c8bfe3c

git.kernel.org/...c/98e01215708b6d416345465c09dce2bd4868c67a

cve.org (CVE-2022-49954)

nvd.nist.gov (CVE-2022-49954)

Download JSON