CVE-2022-49954

In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], for iforce_close() waiting at wait_event_interruptible() with dev->mutex held is blocking input_disconnect_device() from __input_unregister_device(). It seems that the cause is simply that commit c2b27ef672992a20 ("Input: iforce - wait for command completion when closing the device") forgot to call wake_up() after clear_bit(). Fix this problem by introducing a helper that calls clear_bit() followed by wake_up_all().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/98e01215708b6d416345465c09dce2bd4868c67a	Patch
https://git.kernel.org/stable/c/b271090eea3899399e2adcf79c9c95367d472b03	Patch
https://git.kernel.org/stable/c/b533b9d3a0d1327cbb31c201dc8dbbf98c8bfe3c	Patch
https://git.kernel.org/stable/c/d186c65599bff0222da37b9215784ddfe39f9e1b	Patch
https://git.kernel.org/stable/c/df1b53bc799d58f79701c465505a206c72ad4ab8	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.33:-::::::
	cpe:2.3:o:linux:linux_kernel:2.6.33:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.33:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.33:rc5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.33:rc6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.33:rc7::::::
	cpe:2.3:o:linux:linux_kernel:2.6.33:rc8::::::
	cpe:2.3:o:linux:linux_kernel:6.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.0:rc3::::::

History

No history.

Information

Published : 2025-06-18 11:15

Updated : 2025-11-14 18:59

NVD link : CVE-2022-49954

Mitre link : CVE-2022-49954

CVE.ORG link : CVE-2022-49954

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-49954", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-06-18T11:15:22.500", "references": [{"url": "https://git.kernel.org/stable/c/98e01215708b6d416345465c09dce2bd4868c67a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b271090eea3899399e2adcf79c9c95367d472b03", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b533b9d3a0d1327cbb31c201dc8dbbf98c8bfe3c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d186c65599bff0222da37b9215784ddfe39f9e1b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/df1b53bc799d58f79701c465505a206c72ad4ab8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag\n\nsyzbot is reporting hung task at __input_unregister_device() [1], for\niforce_close() waiting at wait_event_interruptible() with dev->mutex held\nis blocking input_disconnect_device() from __input_unregister_device().\n\nIt seems that the cause is simply that commit c2b27ef672992a20 (\"Input:\niforce - wait for command completion when closing the device\") forgot to\ncall wake_up() after clear_bit().\n\nFix this problem by introducing a helper that calls clear_bit() followed\nby wake_up_all()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Entrada: iforce - reactivar tras borrar el indicador IFORCE_XMIT_RUNNING. syzbot informa que la tarea est\u00e1 bloqueada en __input_unregister_device() [1], ya que iforce_close() espera en wait_event_interruptible() con dev->mutex retenido, lo que bloquea input_disconnect_device() desde __input_unregister_device(). Parece que la causa es simplemente que el commit c2b27ef672992a20 (\"Entrada: iforce - esperar a que se complete el comando al cerrar el dispositivo\") olvid\u00f3 llamar a wake_up() despu\u00e9s de clear_bit(). Se soluciona este problema mediante un asistente que llame a clear_bit() seguido de wake_up_all()."}], "lastModified": "2025-11-14T18:59:26.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AE47490-60B7-492B-8196-2B12592AB5A7", "versionEndExcluding": "5.4.213", "versionStartIncluding": "2.6.34"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D44AD643-5591-432E-BD41-C2C737F54AC0", "versionEndExcluding": "5.10.142", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52AE7E2B-7BE3-4B8A-89CC-AB62434899A3", "versionEndExcluding": "5.15.66", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FEC7656-4CE2-424C-8830-EDB160E701C8", "versionEndExcluding": "5.19.8", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF818826-D9F2-42F9-9638-9609513561A3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DE43C00-5967-44A1-ACEB-B7AF66EEBB53"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B33B5E4B-FCB3-4343-B992-F0ADB853754B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7295BBE-A9E3-44F6-9DD6-0FD6C2591E11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B220EA3F-55B3-4B6E-8285-B28ADEF50138"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C61AB348-ACF4-4F88-AC9D-BEC63B76399C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.33:rc8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3AFD58E-A261-4398-BA11-B62A091261F6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F0AD220-F6A9-4012-8636-155F1B841FAD"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A46498B3-78E1-4623-AAE1-94D29A42BE4E"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}