CVE-2022-49698 (GCVE-0-2022-49698)
Vulnerability from cvelistv5 – Published: 2025-02-26 02:24 – Updated: 2025-05-04 08:43
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: use get_random_u32 instead of prandom
bh might occur while updating per-cpu rnd_state from user context,
ie. local_out path.
BUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725
caller is nft_ng_random_eval+0x24/0x54 [nft_numgen]
Call Trace:
check_preemption_disabled+0xde/0xe0
nft_ng_random_eval+0x24/0x54 [nft_numgen]
Use the random driver instead, this also avoids need for local prandom
state. Moreover, prandom now uses the random driver since d4150779e60f
("random32: use real rng for non-deterministic randomness").
Based on earlier patch from Pablo Neira.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
978d8f9055c3a7c35db2ac99cd2580b993396e33 , < 15cc30ac2a8d7185f8ebf97dd1ddd90a7c79783b
(git)
Affected: 978d8f9055c3a7c35db2ac99cd2580b993396e33 , < d0906b0fffc9f19bc42708ca3e84e2089088386c (git) Affected: 978d8f9055c3a7c35db2ac99cd2580b993396e33 , < 6ce71f83f798be7e1ca68707fec449fbecb38852 (git) Affected: 978d8f9055c3a7c35db2ac99cd2580b993396e33 , < b1fd94e704571f98b21027340eecf821b2bdffba (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_meta.c",
"net/netfilter/nft_numgen.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "15cc30ac2a8d7185f8ebf97dd1ddd90a7c79783b",
"status": "affected",
"version": "978d8f9055c3a7c35db2ac99cd2580b993396e33",
"versionType": "git"
},
{
"lessThan": "d0906b0fffc9f19bc42708ca3e84e2089088386c",
"status": "affected",
"version": "978d8f9055c3a7c35db2ac99cd2580b993396e33",
"versionType": "git"
},
{
"lessThan": "6ce71f83f798be7e1ca68707fec449fbecb38852",
"status": "affected",
"version": "978d8f9055c3a7c35db2ac99cd2580b993396e33",
"versionType": "git"
},
{
"lessThan": "b1fd94e704571f98b21027340eecf821b2bdffba",
"status": "affected",
"version": "978d8f9055c3a7c35db2ac99cd2580b993396e33",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_meta.c",
"net/netfilter/nft_numgen.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.127",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.127",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.51",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.8",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: use get_random_u32 instead of prandom\n\nbh might occur while updating per-cpu rnd_state from user context,\nie. local_out path.\n\nBUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725\ncaller is nft_ng_random_eval+0x24/0x54 [nft_numgen]\nCall Trace:\n check_preemption_disabled+0xde/0xe0\n nft_ng_random_eval+0x24/0x54 [nft_numgen]\n\nUse the random driver instead, this also avoids need for local prandom\nstate. Moreover, prandom now uses the random driver since d4150779e60f\n(\"random32: use real rng for non-deterministic randomness\").\n\nBased on earlier patch from Pablo Neira."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:43:30.726Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/15cc30ac2a8d7185f8ebf97dd1ddd90a7c79783b"
},
{
"url": "https://git.kernel.org/stable/c/d0906b0fffc9f19bc42708ca3e84e2089088386c"
},
{
"url": "https://git.kernel.org/stable/c/6ce71f83f798be7e1ca68707fec449fbecb38852"
},
{
"url": "https://git.kernel.org/stable/c/b1fd94e704571f98b21027340eecf821b2bdffba"
}
],
"title": "netfilter: use get_random_u32 instead of prandom",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49698",
"datePublished": "2025-02-26T02:24:19.519Z",
"dateReserved": "2025-02-26T02:21:30.443Z",
"dateUpdated": "2025-05-04T08:43:30.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-49698\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:01:44.547\",\"lastModified\":\"2025-10-24T19:11:00.447\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: use get_random_u32 instead of prandom\\n\\nbh might occur while updating per-cpu rnd_state from user context,\\nie. local_out path.\\n\\nBUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725\\ncaller is nft_ng_random_eval+0x24/0x54 [nft_numgen]\\nCall Trace:\\n check_preemption_disabled+0xde/0xe0\\n nft_ng_random_eval+0x24/0x54 [nft_numgen]\\n\\nUse the random driver instead, this also avoids need for local prandom\\nstate. Moreover, prandom now uses the random driver since d4150779e60f\\n(\\\"random32: use real rng for non-deterministic randomness\\\").\\n\\nBased on earlier patch from Pablo Neira.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: el uso de get_random_u32 en lugar de prandom bh podr\u00eda ocurrir mientras se actualiza rnd_state por CPU desde el contexto del usuario, es decir, la ruta local_out. ERROR: uso de smp_processor_id() en c\u00f3digo preemptible [00000000]: el llamador de nginx/2725 es nft_ng_random_eval+0x24/0x54 [nft_numgen] Rastreo de llamadas: check_preemption_disabled+0xde/0xe0 nft_ng_random_eval+0x24/0x54 [nft_numgen] Use el controlador aleatorio en su lugar, esto tambi\u00e9n evita la necesidad de un estado prandom local. Adem\u00e1s, prandom ahora usa el controlador aleatorio desde d4150779e60f (\\\"random32: use real rng for non-deterministic randomness\\\"). Basado en un parche anterior de Pablo Neira.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.18\",\"versionEndExcluding\":\"5.10.127\",\"matchCriteriaId\":\"96383036-34A6-4887-9B9E-8260B264BC7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.51\",\"matchCriteriaId\":\"B43F7696-8D52-482D-9080-84279B0CB38C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.18.8\",\"matchCriteriaId\":\"0172D3FA-DDEB-482A-A270-4A1495A8798C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8C30C2D-F82D-4D37-AB48-D76ABFBD5377\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF8547FC-C849-4F1B-804B-A93AE2F04A92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3068028-F453-4A1C-B80F-3F5609ACEF60\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/15cc30ac2a8d7185f8ebf97dd1ddd90a7c79783b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6ce71f83f798be7e1ca68707fec449fbecb38852\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b1fd94e704571f98b21027340eecf821b2bdffba\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d0906b0fffc9f19bc42708ca3e84e2089088386c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}