CVE-2022-1462: race condition vulnerability in drivers/tty/tty_buffers.c

From: Dan Carpenter
Date: Wed Jun 01 2022 - 14:35:07 EST


Hi Greg, Jiri,

I searched lore.kernel.org and it seemed like CVE-2022-1462 might not
have ever been reported to you? Here is the original email with the
syzkaller reproducer.

https://seclists.org/oss-sec/2022/q2/155

The reporter proposed a fix, but it won't work. Smatch says that some
of the callers are already holding the port->lock. For example,
sci_dma_rx_complete() will deadlock.

regards,
dan carpenter