https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-05-08T13:06:18.091400+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/40dcbacf-1d3b-4cda-b710-a6335eee9055/export40dcbacf-1d3b-4cda-b710-a6335eee90552026-05-08T13:06:18.468559+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "40dcbacf-1d3b-4cda-b710-a6335eee9055", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48921", "type": "seen", "source": "https://t.me/cvedetector/3853", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48921 - Linux Kernel Sched/Fair Null Pointer Dereference Vulnerability in Red Hat Enterprise Linux\", \n \"Content\": \"CVE ID : CVE-2022-48921 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nsched/fair: Fix fault in reweight_entity \n \nSyzbot found a GPF in reweight_entity. This has been bisected to \ncommit 4ef0c5c6b5ba (\"kernel/sched: Fix sched_fork() access an invalid \nsched_task_group\") \n \nThere\u00a0is a race between sched_post_fork() and setpriority(PRIO_PGRP) \nwithin a thread group that causes a null-ptr-deref\u00a0in \nreweight_entity() in CFS. The scenario is that the main process spawns \nnumber of new threads, which then call setpriority(PRIO_PGRP, 0, -20), \nwait, and exit. For each of the new threads the copy_process() gets \ninvoked, which adds the new task_struct and calls sched_post_fork() \nfor it. \n \nIn the above scenario there is a possibility that \nsetpriority(PRIO_PGRP) and set_one_prio() will be called for a thread \nin the group that is just being created by copy_process(), and for \nwhich the sched_post_fork() has not been executed yet. This will \ntrigger a null pointer dereference in reweight_entity(),\u00a0as it will \ntry to access the run queue pointer, which hasn't been set. \n \nBefore the mentioned change the cfs_rq pointer for the task has been \nset in sched_fork(), which is called much earlier in copy_process(), \nbefore the new task is added to the thread_group. Now it is done in \nthe sched_post_fork(), which is called after that. To fix the issue \nthe remove the update_load param from the update_load param() function \nand call reweight_task() only if the task flag doesn't have the \nTASK_NEW flag set. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T05:07:52.000000Z"}2024-08-22T05:07:52+00:00