CVE-2022-50833

UNKNOWN 0.0

Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works syzbot is reporting attempt to schedule hdev->cmd_work work from system_wq WQ into hdev->workqueue WQ which is under draining operation [1], for commit c8efcc2589464ac7 ("workqueue: allow chained queueing during destruction") does not allow such operation. The check introduced by commit 877afadad2dce8aa ("Bluetooth: When HCI work queue is drained, only queue chained work") was incomplete. Use hdev->workqueue WQ when queuing hdev->{cmd,ncmd}_timer works because hci_{cmd,ncmd}_timeout() calls queue_work(hdev->workqueue). Also, protect the queuing operation with RCU read lock in order to avoid calling queue_delayed_work() after cancel_delayed_work() completed.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Dec 30, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

3b382555706558f5c0587862b6dc03e96a252bba < c4635cf3d845a7324c25c52d549b70c8bd7ad4c7 877afadad2dce8aae1f2aad8ce47e072d4f6165e < 3c6b036fe5c8ed8b6c4cbdc03605929882907ef0 877afadad2dce8aae1f2aad8ce47e072d4f6165e < deee93d13d385103205879a8a0915036ecd83261 4bf367fa1fefabdf14938d0ac9ed60020389112e

Linux / Linux

6.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/c4635cf3d845a7324c25c52d549b70c8bd7ad4c7 git.kernel.org: https://git.kernel.org/stable/c/3c6b036fe5c8ed8b6c4cbdc03605929882907ef0 git.kernel.org: https://git.kernel.org/stable/c/deee93d13d385103205879a8a0915036ecd83261