Action not permitted
Modal body text goes here.
wid-sec-w-2024-1025
Vulnerability from csaf_certbund
Published
2024-05-05 22:00
Modified
2024-06-12 22:00
Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder um einen nicht spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder um einen nicht spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1025 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1025.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1025 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1025"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050314-CVE-2022-48670-f9f1@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050317-CVE-2022-48671-fbdd@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050318-CVE-2022-48672-b6d9@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050318-CVE-2022-48673-1692@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050318-CVE-2022-48674-b876@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050319-CVE-2022-48675-6ff4@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050342-CVE-2022-48686-5e8e@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050344-CVE-2022-48687-b82e@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050345-CVE-2022-48688-7306@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050345-CVE-2022-48689-5ee7@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050346-CVE-2022-48690-53bc@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050346-CVE-2022-48691-5f16@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050346-CVE-2022-48692-6bc3@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050347-CVE-2022-48693-3e82@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050347-CVE-2022-48694-f0e8@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050348-CVE-2022-48695-8a9e@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050348-CVE-2022-48696-b671@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050348-CVE-2022-48697-1df4@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050349-CVE-2022-48698-ac39@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050349-CVE-2022-48699-8b9b@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050349-CVE-2022-48700-c756@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050350-CVE-2022-48701-eadb@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050350-CVE-2022-48702-47dd@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050351-CVE-2022-48703-3099@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050351-CVE-2022-48704-e1ea@gregkh/T/"
},
{
"category": "external",
"summary": "Linux CVE Announce Mailing List vom 2024-05-05",
"url": "https://lore.kernel.org/linux-cve-announce/2024050351-CVE-2022-48705-a5c4@gregkh/T/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1642-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018530.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1645-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018527.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1644-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018528.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1650-1 vom 2024-05-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018533.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1659-1 vom 2024-05-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018538.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1979-1 vom 2024-06-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018685.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1983-1 vom 2024-06-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018700.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2011-1 vom 2024-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018710.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2010-1 vom 2024-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018711.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2008-1 vom 2024-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018706.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-06-12T22:00:00.000+00:00",
"generator": {
"date": "2024-06-13T08:06:33.337+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2024-1025",
"initial_release_date": "2024-05-05T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-05T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-14T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-15T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-12T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T034539",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-48670",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48670"
},
{
"cve": "CVE-2022-48671",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48671"
},
{
"cve": "CVE-2022-48672",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48672"
},
{
"cve": "CVE-2022-48673",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48673"
},
{
"cve": "CVE-2022-48674",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48674"
},
{
"cve": "CVE-2022-48675",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48675"
},
{
"cve": "CVE-2022-48686",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48686"
},
{
"cve": "CVE-2022-48687",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48687"
},
{
"cve": "CVE-2022-48688",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48688"
},
{
"cve": "CVE-2022-48689",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48689"
},
{
"cve": "CVE-2022-48690",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48690"
},
{
"cve": "CVE-2022-48691",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48691"
},
{
"cve": "CVE-2022-48692",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48692"
},
{
"cve": "CVE-2022-48693",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48693"
},
{
"cve": "CVE-2022-48694",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48694"
},
{
"cve": "CVE-2022-48695",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48695"
},
{
"cve": "CVE-2022-48696",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48696"
},
{
"cve": "CVE-2022-48697",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48697"
},
{
"cve": "CVE-2022-48698",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48698"
},
{
"cve": "CVE-2022-48699",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48699"
},
{
"cve": "CVE-2022-48700",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48700"
},
{
"cve": "CVE-2022-48701",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48701"
},
{
"cve": "CVE-2022-48702",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48702"
},
{
"cve": "CVE-2022-48703",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48703"
},
{
"cve": "CVE-2022-48704",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48704"
},
{
"cve": "CVE-2022-48705",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie cgroup, netfilter, RDMA oder DRM, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Use-after-free, einer NULL-Zeiger-Dereferenz oder einem Speicherleck und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T002207",
"T034539"
]
},
"release_date": "2024-05-05T22:00:00Z",
"title": "CVE-2022-48705"
}
]
}
cve-2022-48695
Vulnerability from cvelistv5
Published
2024-05-03 17:44
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
scsi: mpt3sas: Fix use-after-free warning
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:45.670412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:44:22.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8fc9e91b931215110ba824d1a2983c5f60b6f82"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4959d09b76eb7a4146f5133962b88d3bddb63d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82efb917eeb27454dc4c6fe26432fc8f6c75bc16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5682c94644fde72f72bded6580c38189ffc856b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea10a652ad2ae2cf3eced6f632a5c98f26727057"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6229fa494a5949be209bc73afbc5d0a749c2e3c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41acb064c4e013808bc7d5fc1b506fa449425b0b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/mpt3sas/mpt3sas_scsih.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b8fc9e91b931",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "d4959d09b76e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "82efb917eeb2",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "5682c94644fd",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ea10a652ad2a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "6229fa494a59",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "41acb064c4e0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "991df3dd5144",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/mpt3sas/mpt3sas_scsih.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.328",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.293",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.258",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix use-after-free warning\n\nFix the following use-after-free warning which is observed during\ncontroller reset:\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:29.801Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b8fc9e91b931215110ba824d1a2983c5f60b6f82"
},
{
"url": "https://git.kernel.org/stable/c/d4959d09b76eb7a4146f5133962b88d3bddb63d6"
},
{
"url": "https://git.kernel.org/stable/c/82efb917eeb27454dc4c6fe26432fc8f6c75bc16"
},
{
"url": "https://git.kernel.org/stable/c/5682c94644fde72f72bded6580c38189ffc856b5"
},
{
"url": "https://git.kernel.org/stable/c/ea10a652ad2ae2cf3eced6f632a5c98f26727057"
},
{
"url": "https://git.kernel.org/stable/c/6229fa494a5949be209bc73afbc5d0a749c2e3c7"
},
{
"url": "https://git.kernel.org/stable/c/41acb064c4e013808bc7d5fc1b506fa449425b0b"
},
{
"url": "https://git.kernel.org/stable/c/991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34"
}
],
"title": "scsi: mpt3sas: Fix use-after-free warning",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48695",
"datePublished": "2024-05-03T17:44:55.829Z",
"dateReserved": "2024-05-03T14:55:07.145Z",
"dateUpdated": "2024-08-03T15:17:55.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48697
Vulnerability from cvelistv5
Published
2024-05-03 15:10
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
nvmet: fix a use-after-free
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T20:35:15.754942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T20:35:37.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17f121ca3ec6be0fb32d77c7f65362934a38cc8e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d66989b5f7bb28bba2f8e1e2ffc8bfef4a10717"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be01f1c988757b95f11f090a9f491365670a522b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebf46da50beb78066674354ad650606a467e33fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4484ce97a78171668c402e0c45db7f760aea8060"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a02a61e81c231cc5c680c5dbf8665275147ac52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "17f121ca3ec6",
"status": "affected",
"version": "a07b4970f464",
"versionType": "git"
},
{
"lessThan": "8d66989b5f7b",
"status": "affected",
"version": "a07b4970f464",
"versionType": "git"
},
{
"lessThan": "be01f1c98875",
"status": "affected",
"version": "a07b4970f464",
"versionType": "git"
},
{
"lessThan": "ebf46da50beb",
"status": "affected",
"version": "a07b4970f464",
"versionType": "git"
},
{
"lessThan": "4484ce97a781",
"status": "affected",
"version": "a07b4970f464",
"versionType": "git"
},
{
"lessThan": "6a02a61e81c2",
"status": "affected",
"version": "a07b4970f464",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/target/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.260",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix a use-after-free\n\nFix the following use-after-free complaint triggered by blktests nvme/004:\n\nBUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350\nRead of size 4 at addr 0000607bd1835943 by task kworker/13:1/460\nWorkqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]\nCall Trace:\n show_stack+0x52/0x58\n dump_stack_lvl+0x49/0x5e\n print_report.cold+0x36/0x1e2\n kasan_report+0xb9/0xf0\n __asan_load4+0x6b/0x80\n blk_mq_complete_request_remote+0xac/0x350\n nvme_loop_queue_response+0x1df/0x275 [nvme_loop]\n __nvmet_req_complete+0x132/0x4f0 [nvmet]\n nvmet_req_complete+0x15/0x40 [nvmet]\n nvmet_execute_io_connect+0x18a/0x1f0 [nvmet]\n nvme_loop_execute_work+0x20/0x30 [nvme_loop]\n process_one_work+0x56e/0xa70\n worker_thread+0x2d1/0x640\n kthread+0x183/0x1c0\n ret_from_fork+0x1f/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:31.864Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/17f121ca3ec6be0fb32d77c7f65362934a38cc8e"
},
{
"url": "https://git.kernel.org/stable/c/8d66989b5f7bb28bba2f8e1e2ffc8bfef4a10717"
},
{
"url": "https://git.kernel.org/stable/c/be01f1c988757b95f11f090a9f491365670a522b"
},
{
"url": "https://git.kernel.org/stable/c/ebf46da50beb78066674354ad650606a467e33fa"
},
{
"url": "https://git.kernel.org/stable/c/4484ce97a78171668c402e0c45db7f760aea8060"
},
{
"url": "https://git.kernel.org/stable/c/6a02a61e81c231cc5c680c5dbf8665275147ac52"
}
],
"title": "nvmet: fix a use-after-free",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48697",
"datePublished": "2024-05-03T15:10:30.963Z",
"dateReserved": "2024-05-03T14:55:07.145Z",
"dateUpdated": "2024-08-03T15:17:55.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48688
Vulnerability from cvelistv5
Published
2024-05-03 14:59
Modified
2024-09-11 17:33
Severity ?
EPSS score ?
Summary
i40e: Fix kernel crash during module removal
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c49f320e2492738d478bc427dcd54ccfe0cba746"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5332a094514852d5e58c278cf4193adb937337fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/342d77769a6cceb3df7720a1e18baa4339eee3fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ed94383f3a2693dbf5bc47c514b42524bd8f9ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38af35bec59a8431a1eb29da994a0a45cba275d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb8396aeda5872369a8ed6d2301e2c86e303c520"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:43:39.399109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:28.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/i40e/i40e_client.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c49f320e2492",
"status": "affected",
"version": "0ef2d5afb12d",
"versionType": "git"
},
{
"lessThan": "5332a0945148",
"status": "affected",
"version": "0ef2d5afb12d",
"versionType": "git"
},
{
"lessThan": "342d77769a6c",
"status": "affected",
"version": "0ef2d5afb12d",
"versionType": "git"
},
{
"lessThan": "2ed94383f3a2",
"status": "affected",
"version": "0ef2d5afb12d",
"versionType": "git"
},
{
"lessThan": "38af35bec59a",
"status": "affected",
"version": "0ef2d5afb12d",
"versionType": "git"
},
{
"lessThan": "fb8396aeda58",
"status": "affected",
"version": "0ef2d5afb12d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/i40e/i40e_client.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.258",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix kernel crash during module removal\n\nThe driver incorrectly frees client instance and subsequent\ni40e module removal leads to kernel crash.\n\nReproducer:\n1. Do ethtool offline test followed immediately by another one\nhost# ethtool -t eth0 offline; ethtool -t eth0 offline\n2. Remove recursively irdma module that also removes i40e module\nhost# modprobe -r irdma\n\nResult:\n[ 8675.035651] i40e 0000:3d:00.0 eno1: offline testing starting\n[ 8675.193774] i40e 0000:3d:00.0 eno1: testing finished\n[ 8675.201316] i40e 0000:3d:00.0 eno1: offline testing starting\n[ 8675.358921] i40e 0000:3d:00.0 eno1: testing finished\n[ 8675.496921] i40e 0000:3d:00.0: IRDMA hardware initialization FAILED init_state=2 status=-110\n[ 8686.188955] i40e 0000:3d:00.1: i40e_ptp_stop: removed PHC on eno2\n[ 8686.943890] i40e 0000:3d:00.1: Deleted LAN device PF1 bus=0x3d dev=0x00 func=0x01\n[ 8686.952669] i40e 0000:3d:00.0: i40e_ptp_stop: removed PHC on eno1\n[ 8687.761787] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[ 8687.768755] #PF: supervisor read access in kernel mode\n[ 8687.773895] #PF: error_code(0x0000) - not-present page\n[ 8687.779034] PGD 0 P4D 0\n[ 8687.781575] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 8687.785935] CPU: 51 PID: 172891 Comm: rmmod Kdump: loaded Tainted: G W I 5.19.0+ #2\n[ 8687.794800] Hardware name: Intel Corporation S2600WFD/S2600WFD, BIOS SE5C620.86B.0X.02.0001.051420190324 05/14/2019\n[ 8687.805222] RIP: 0010:i40e_lan_del_device+0x13/0xb0 [i40e]\n[ 8687.810719] Code: d4 84 c0 0f 84 b8 25 01 00 e9 9c 25 01 00 41 bc f4 ff ff ff eb 91 90 0f 1f 44 00 00 41 54 55 53 48 8b 87 58 08 00 00 48 89 fb \u003c48\u003e 8b 68 30 48 89 ef e8 21 8a 0f d5 48 89 ef e8 a9 78 0f d5 48 8b\n[ 8687.829462] RSP: 0018:ffffa604072efce0 EFLAGS: 00010202\n[ 8687.834689] RAX: 0000000000000000 RBX: ffff8f43833b2000 RCX: 0000000000000000\n[ 8687.841821] RDX: 0000000000000000 RSI: ffff8f4b0545b298 RDI: ffff8f43833b2000\n[ 8687.848955] RBP: ffff8f43833b2000 R08: 0000000000000001 R09: 0000000000000000\n[ 8687.856086] R10: 0000000000000000 R11: 000ffffffffff000 R12: ffff8f43833b2ef0\n[ 8687.863218] R13: ffff8f43833b2ef0 R14: ffff915103966000 R15: ffff8f43833b2008\n[ 8687.870342] FS: 00007f79501c3740(0000) GS:ffff8f4adffc0000(0000) knlGS:0000000000000000\n[ 8687.878427] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 8687.884174] CR2: 0000000000000030 CR3: 000000014276e004 CR4: 00000000007706e0\n[ 8687.891306] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 8687.898441] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 8687.905572] PKRU: 55555554\n[ 8687.908286] Call Trace:\n[ 8687.910737] \u003cTASK\u003e\n[ 8687.912843] i40e_remove+0x2c0/0x330 [i40e]\n[ 8687.917040] pci_device_remove+0x33/0xa0\n[ 8687.920962] device_release_driver_internal+0x1aa/0x230\n[ 8687.926188] driver_detach+0x44/0x90\n[ 8687.929770] bus_remove_driver+0x55/0xe0\n[ 8687.933693] pci_unregister_driver+0x2a/0xb0\n[ 8687.937967] i40e_exit_module+0xc/0xf48 [i40e]\n\nTwo offline tests cause IRDMA driver failure (ETIMEDOUT) and this\nfailure is indicated back to i40e_client_subtask() that calls\ni40e_client_del_instance() to free client instance referenced\nby pf-\u003ecinst and sets this pointer to NULL. During the module\nremoval i40e_remove() calls i40e_lan_del_device() that dereferences\npf-\u003ecinst that is NULL -\u003e crash.\nDo not remove client instance when client open callbacks fails and\njust clear __I40E_CLIENT_INSTANCE_OPENED bit. The driver also needs\nto take care about this situation (when netdev is up and client\nis NOT opened) in i40e_notify_client_of_netdev_close() and\ncalls client close callback only when __I40E_CLIENT_INSTANCE_OPENED\nis set."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:22.621Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c49f320e2492738d478bc427dcd54ccfe0cba746"
},
{
"url": "https://git.kernel.org/stable/c/5332a094514852d5e58c278cf4193adb937337fc"
},
{
"url": "https://git.kernel.org/stable/c/342d77769a6cceb3df7720a1e18baa4339eee3fc"
},
{
"url": "https://git.kernel.org/stable/c/2ed94383f3a2693dbf5bc47c514b42524bd8f9ae"
},
{
"url": "https://git.kernel.org/stable/c/38af35bec59a8431a1eb29da994a0a45cba275d9"
},
{
"url": "https://git.kernel.org/stable/c/fb8396aeda5872369a8ed6d2301e2c86e303c520"
}
],
"title": "i40e: Fix kernel crash during module removal",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48688",
"datePublished": "2024-05-03T14:59:45.253Z",
"dateReserved": "2024-05-03T14:55:07.144Z",
"dateUpdated": "2024-09-11T17:33:28.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48673
Vulnerability from cvelistv5
Published
2024-05-03 14:51
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
net/smc: Fix possible access to freed memory in link clear
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:55:55.049793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:35.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89fcb70f1acd6b0bbf2f7bfbf45d7aa75a9bdcde"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9b1a4f867ae9c1dbd1d71cd09cbdb3239fb4968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/smc/smc_core.c",
"net/smc/smc_core.h",
"net/smc/smc_wr.c",
"net/smc/smc_wr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "89fcb70f1acd",
"status": "affected",
"version": "bd4ad57718cc",
"versionType": "git"
},
{
"lessThan": "e9b1a4f867ae",
"status": "affected",
"version": "bd4ad57718cc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/smc/smc_core.c",
"net/smc/smc_core.h",
"net/smc/smc_wr.c",
"net/smc/smc_wr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix possible access to freed memory in link clear\n\nAfter modifying the QP to the Error state, all RX WR would be completed\nwith WC in IB_WC_WR_FLUSH_ERR status. Current implementation does not\nwait for it is done, but destroy the QP and free the link group directly.\nSo there is a risk that accessing the freed memory in tasklet context.\n\nHere is a crash example:\n\n BUG: unable to handle page fault for address: ffffffff8f220860\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD f7300e067 P4D f7300e067 PUD f7300f063 PMD 8c4e45063 PTE 800ffff08c9df060\n Oops: 0002 [#1] SMP PTI\n CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Tainted: G S OE 5.10.0-0607+ #23\n Hardware name: Inspur NF5280M4/YZMB-00689-101, BIOS 4.1.20 07/09/2018\n RIP: 0010:native_queued_spin_lock_slowpath+0x176/0x1b0\n Code: f3 90 48 8b 32 48 85 f6 74 f6 eb d5 c1 ee 12 83 e0 03 83 ee 01 48 c1 e0 05 48 63 f6 48 05 00 c8 02 00 48 03 04 f5 00 09 98 8e \u003c48\u003e 89 10 8b 42 08 85 c0 75 09 f3 90 8b 42 08 85 c0 74 f7 48 8b 32\n RSP: 0018:ffffb3b6c001ebd8 EFLAGS: 00010086\n RAX: ffffffff8f220860 RBX: 0000000000000246 RCX: 0000000000080000\n RDX: ffff91db1f86c800 RSI: 000000000000173c RDI: ffff91db62bace00\n RBP: ffff91db62bacc00 R08: 0000000000000000 R09: c00000010000028b\n R10: 0000000000055198 R11: ffffb3b6c001ea58 R12: ffff91db80e05010\n R13: 000000000000000a R14: 0000000000000006 R15: 0000000000000040\n FS: 0000000000000000(0000) GS:ffff91db1f840000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffff8f220860 CR3: 00000001f9580004 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cIRQ\u003e\n _raw_spin_lock_irqsave+0x30/0x40\n mlx5_ib_poll_cq+0x4c/0xc50 [mlx5_ib]\n smc_wr_rx_tasklet_fn+0x56/0xa0 [smc]\n tasklet_action_common.isra.21+0x66/0x100\n __do_softirq+0xd5/0x29c\n asm_call_irq_on_stack+0x12/0x20\n \u003c/IRQ\u003e\n do_softirq_own_stack+0x37/0x40\n irq_exit_rcu+0x9d/0xa0\n sysvec_call_function_single+0x34/0x80\n asm_sysvec_call_function_single+0x12/0x20"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:17.282Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/89fcb70f1acd6b0bbf2f7bfbf45d7aa75a9bdcde"
},
{
"url": "https://git.kernel.org/stable/c/e9b1a4f867ae9c1dbd1d71cd09cbdb3239fb4968"
}
],
"title": "net/smc: Fix possible access to freed memory in link clear",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48673",
"datePublished": "2024-05-03T14:51:44.955Z",
"dateReserved": "2024-02-25T13:44:28.321Z",
"dateUpdated": "2024-08-03T15:17:55.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48689
Vulnerability from cvelistv5
Published
2024-05-03 15:00
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
tcp: TX zerocopy should not sense pfmemalloc status
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T20:38:37.630720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T20:39:14.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8527c9a6bf8e54fef0a8d3d7d8874a48c725c915"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6730c48ed6b0cd939fc9b30b2d621ce0b89bea83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3261400639463a853ba2b3be8bd009c2a8089775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/skbuff.h",
"net/core/datagram.c",
"net/ipv4/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8527c9a6bf8e",
"status": "affected",
"version": "c07aea3ef4d4",
"versionType": "git"
},
{
"lessThan": "6730c48ed6b0",
"status": "affected",
"version": "c07aea3ef4d4",
"versionType": "git"
},
{
"lessThan": "326140063946",
"status": "affected",
"version": "c07aea3ef4d4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/skbuff.h",
"net/core/datagram.c",
"net/ipv4/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: TX zerocopy should not sense pfmemalloc status\n\nWe got a recent syzbot report [1] showing a possible misuse\nof pfmemalloc page status in TCP zerocopy paths.\n\nIndeed, for pages coming from user space or other layers,\nusing page_is_pfmemalloc() is moot, and possibly could give\nfalse positives.\n\nThere has been attempts to make page_is_pfmemalloc() more robust,\nbut not using it in the first place in this context is probably better,\nremoving cpu cycles.\n\nNote to stable teams :\n\nYou need to backport 84ce071e38a6 (\"net: introduce\n__skb_fill_page_desc_noacc\") as a prereq.\n\nRace is more probable after commit c07aea3ef4d4\n(\"mm: add a signature in struct page\") because page_is_pfmemalloc()\nis now using low order bit from page-\u003elru.next, which can change\nmore often than page-\u003eindex.\n\nLow order bit should never be set for lru.next (when used as an anchor\nin LRU list), so KCSAN report is mostly a false positive.\n\nBackporting to older kernel versions seems not necessary.\n\n[1]\nBUG: KCSAN: data-race in lru_add_fn / tcp_build_frag\n\nwrite to 0xffffea0004a1d2c8 of 8 bytes by task 18600 on cpu 0:\n__list_add include/linux/list.h:73 [inline]\nlist_add include/linux/list.h:88 [inline]\nlruvec_add_folio include/linux/mm_inline.h:105 [inline]\nlru_add_fn+0x440/0x520 mm/swap.c:228\nfolio_batch_move_lru+0x1e1/0x2a0 mm/swap.c:246\nfolio_batch_add_and_move mm/swap.c:263 [inline]\nfolio_add_lru+0xf1/0x140 mm/swap.c:490\nfilemap_add_folio+0xf8/0x150 mm/filemap.c:948\n__filemap_get_folio+0x510/0x6d0 mm/filemap.c:1981\npagecache_get_page+0x26/0x190 mm/folio-compat.c:104\ngrab_cache_page_write_begin+0x2a/0x30 mm/folio-compat.c:116\next4_da_write_begin+0x2dd/0x5f0 fs/ext4/inode.c:2988\ngeneric_perform_write+0x1d4/0x3f0 mm/filemap.c:3738\next4_buffered_write_iter+0x235/0x3e0 fs/ext4/file.c:270\next4_file_write_iter+0x2e3/0x1210\ncall_write_iter include/linux/fs.h:2187 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x468/0x760 fs/read_write.c:578\nksys_write+0xe8/0x1a0 fs/read_write.c:631\n__do_sys_write fs/read_write.c:643 [inline]\n__se_sys_write fs/read_write.c:640 [inline]\n__x64_sys_write+0x3e/0x50 fs/read_write.c:640\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nread to 0xffffea0004a1d2c8 of 8 bytes by task 18611 on cpu 1:\npage_is_pfmemalloc include/linux/mm.h:1740 [inline]\n__skb_fill_page_desc include/linux/skbuff.h:2422 [inline]\nskb_fill_page_desc include/linux/skbuff.h:2443 [inline]\ntcp_build_frag+0x613/0xb20 net/ipv4/tcp.c:1018\ndo_tcp_sendpages+0x3e8/0xaf0 net/ipv4/tcp.c:1075\ntcp_sendpage_locked net/ipv4/tcp.c:1140 [inline]\ntcp_sendpage+0x89/0xb0 net/ipv4/tcp.c:1150\ninet_sendpage+0x7f/0xc0 net/ipv4/af_inet.c:833\nkernel_sendpage+0x184/0x300 net/socket.c:3561\nsock_sendpage+0x5a/0x70 net/socket.c:1054\npipe_to_sendpage+0x128/0x160 fs/splice.c:361\nsplice_from_pipe_feed fs/splice.c:415 [inline]\n__splice_from_pipe+0x222/0x4d0 fs/splice.c:559\nsplice_from_pipe fs/splice.c:594 [inline]\ngeneric_splice_sendpage+0x89/0xc0 fs/splice.c:743\ndo_splice_from fs/splice.c:764 [inline]\ndirect_splice_actor+0x80/0xa0 fs/splice.c:931\nsplice_direct_to_actor+0x305/0x620 fs/splice.c:886\ndo_splice_direct+0xfb/0x180 fs/splice.c:974\ndo_sendfile+0x3bf/0x910 fs/read_write.c:1249\n__do_sys_sendfile64 fs/read_write.c:1317 [inline]\n__se_sys_sendfile64 fs/read_write.c:1303 [inline]\n__x64_sys_sendfile64+0x10c/0x150 fs/read_write.c:1303\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nvalue changed: 0x0000000000000000 -\u003e 0xffffea0004a1d288\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 18611 Comm: syz-executor.4 Not tainted 6.0.0-rc2-syzkaller-00248-ge022620b5d05-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:23.638Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8527c9a6bf8e54fef0a8d3d7d8874a48c725c915"
},
{
"url": "https://git.kernel.org/stable/c/6730c48ed6b0cd939fc9b30b2d621ce0b89bea83"
},
{
"url": "https://git.kernel.org/stable/c/3261400639463a853ba2b3be8bd009c2a8089775"
}
],
"title": "tcp: TX zerocopy should not sense pfmemalloc status",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48689",
"datePublished": "2024-05-03T15:00:02.083Z",
"dateReserved": "2024-05-03T14:55:07.144Z",
"dateUpdated": "2024-08-03T15:17:55.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48705
Vulnerability from cvelistv5
Published
2024-05-03 17:45
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
wifi: mt76: mt7921e: fix crash in chip reset fail
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T19:17:08.017187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:43.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f7f3001723e337568017e8617974f29bc8b2f595"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa3fbe64037839f448dc569212bafc5a495d8219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt7921/pci_mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f7f3001723e3",
"status": "affected",
"version": "0efaf31dec57",
"versionType": "git"
},
{
"lessThan": "fa3fbe640378",
"status": "affected",
"version": "0efaf31dec57",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/mediatek/mt76/mt7921/pci_mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921e: fix crash in chip reset fail\n\nIn case of drv own fail in reset, we may need to run mac_reset several\ntimes. The sequence would trigger system crash as the log below.\n\nBecause we do not re-enable/schedule \"tx_napi\" before disable it again,\nthe process would keep waiting for state change in napi_diable(). To\navoid the problem and keep status synchronize for each run, goto final\nresource handling if drv own failed.\n\n[ 5857.353423] mt7921e 0000:3b:00.0: driver own failed\n[ 5858.433427] mt7921e 0000:3b:00.0: Timeout for driver own\n[ 5859.633430] mt7921e 0000:3b:00.0: driver own failed\n[ 5859.633444] ------------[ cut here ]------------\n[ 5859.633446] WARNING: CPU: 6 at kernel/kthread.c:659 kthread_park+0x11d\n[ 5859.633717] Workqueue: mt76 mt7921_mac_reset_work [mt7921_common]\n[ 5859.633728] RIP: 0010:kthread_park+0x11d/0x150\n[ 5859.633736] RSP: 0018:ffff8881b676fc68 EFLAGS: 00010202\n......\n[ 5859.633766] Call Trace:\n[ 5859.633768] \u003cTASK\u003e\n[ 5859.633771] mt7921e_mac_reset+0x176/0x6f0 [mt7921e]\n[ 5859.633778] mt7921_mac_reset_work+0x184/0x3a0 [mt7921_common]\n[ 5859.633785] ? mt7921_mac_set_timing+0x520/0x520 [mt7921_common]\n[ 5859.633794] ? __kasan_check_read+0x11/0x20\n[ 5859.633802] process_one_work+0x7ee/0x1320\n[ 5859.633810] worker_thread+0x53c/0x1240\n[ 5859.633818] kthread+0x2b8/0x370\n[ 5859.633824] ? process_one_work+0x1320/0x1320\n[ 5859.633828] ? kthread_complete_and_exit+0x30/0x30\n[ 5859.633834] ret_from_fork+0x1f/0x30\n[ 5859.633842] \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:40.026Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f7f3001723e337568017e8617974f29bc8b2f595"
},
{
"url": "https://git.kernel.org/stable/c/fa3fbe64037839f448dc569212bafc5a495d8219"
}
],
"title": "wifi: mt76: mt7921e: fix crash in chip reset fail",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48705",
"datePublished": "2024-05-03T17:45:54.910Z",
"dateReserved": "2024-05-03T14:55:07.146Z",
"dateUpdated": "2024-08-03T15:17:55.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48686
Vulnerability from cvelistv5
Published
2024-05-03 14:59
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
nvme-tcp: fix UAF when detecting digest errors
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:58.605083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:44:52.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19816a0214684f70b49b25075ff8c402fdd611d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5914fa32ef1b7766fea933f9eed94ac5c00aa7ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13c80a6c112467bab5e44d090767930555fc17a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c3eb461aa56e6fa94fb80442ba2586bd223a8886"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/160f3549a907a50e51a8518678ba2dcf2541abea"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "19816a021468",
"status": "affected",
"version": "3f2304f8c6d6",
"versionType": "git"
},
{
"lessThan": "5914fa32ef1b",
"status": "affected",
"version": "3f2304f8c6d6",
"versionType": "git"
},
{
"lessThan": "13c80a6c1124",
"status": "affected",
"version": "3f2304f8c6d6",
"versionType": "git"
},
{
"lessThan": "c3eb461aa56e",
"status": "affected",
"version": "3f2304f8c6d6",
"versionType": "git"
},
{
"lessThan": "160f3549a907",
"status": "affected",
"version": "3f2304f8c6d6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/tcp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix UAF when detecting digest errors\n\nWe should also bail from the io_work loop when we set rd_enabled to true,\nso we don\u0027t attempt to read data from the socket when the TCP stream is\nalready out-of-sync or corrupted."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:20.580Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/19816a0214684f70b49b25075ff8c402fdd611d3"
},
{
"url": "https://git.kernel.org/stable/c/5914fa32ef1b7766fea933f9eed94ac5c00aa7ff"
},
{
"url": "https://git.kernel.org/stable/c/13c80a6c112467bab5e44d090767930555fc17a5"
},
{
"url": "https://git.kernel.org/stable/c/c3eb461aa56e6fa94fb80442ba2586bd223a8886"
},
{
"url": "https://git.kernel.org/stable/c/160f3549a907a50e51a8518678ba2dcf2541abea"
}
],
"title": "nvme-tcp: fix UAF when detecting digest errors",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48686",
"datePublished": "2024-05-03T14:59:10.472Z",
"dateReserved": "2024-05-03T14:55:07.143Z",
"dateUpdated": "2024-08-03T15:17:55.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48675
Vulnerability from cvelistv5
Published
2024-05-03 14:52
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
IB/core: Fix a nested dead lock as part of ODP flow
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:55:21.563051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:38.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.742Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8de6cb5755eae7b793d8c00c8696c8667d44a7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/819110054b14d7272b4188db997a3d80f75ab785"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83c43fd872e32c8071d5582eb7c40f573a8342f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/85eaeb5058f0f04dffb124c97c86b4f18db0b833"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/umem_odp.c",
"kernel/fork.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e8de6cb5755e",
"status": "affected",
"version": "36f30e486dce",
"versionType": "git"
},
{
"lessThan": "819110054b14",
"status": "affected",
"version": "36f30e486dce",
"versionType": "git"
},
{
"lessThan": "83c43fd872e3",
"status": "affected",
"version": "36f30e486dce",
"versionType": "git"
},
{
"lessThan": "85eaeb5058f0",
"status": "affected",
"version": "36f30e486dce",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/core/umem_odp.c",
"kernel/fork.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Fix a nested dead lock as part of ODP flow\n\nFix a nested dead lock as part of ODP flow by using mmput_async().\n\nFrom the below call trace [1] can see that calling mmput() once we have\nthe umem_odp-\u003eumem_mutex locked as required by\nib_umem_odp_map_dma_and_lock() might trigger in the same task the\nexit_mmap()-\u003e__mmu_notifier_release()-\u003emlx5_ib_invalidate_range() which\nmay dead lock when trying to lock the same mutex.\n\nMoving to use mmput_async() will solve the problem as the above\nexit_mmap() flow will be called in other task and will be executed once\nthe lock will be available.\n\n[1]\n[64843.077665] task:kworker/u133:2 state:D stack: 0 pid:80906 ppid:\n2 flags:0x00004000\n[64843.077672] Workqueue: mlx5_ib_page_fault mlx5_ib_eqe_pf_action [mlx5_ib]\n[64843.077719] Call Trace:\n[64843.077722] \u003cTASK\u003e\n[64843.077724] __schedule+0x23d/0x590\n[64843.077729] schedule+0x4e/0xb0\n[64843.077735] schedule_preempt_disabled+0xe/0x10\n[64843.077740] __mutex_lock.constprop.0+0x263/0x490\n[64843.077747] __mutex_lock_slowpath+0x13/0x20\n[64843.077752] mutex_lock+0x34/0x40\n[64843.077758] mlx5_ib_invalidate_range+0x48/0x270 [mlx5_ib]\n[64843.077808] __mmu_notifier_release+0x1a4/0x200\n[64843.077816] exit_mmap+0x1bc/0x200\n[64843.077822] ? walk_page_range+0x9c/0x120\n[64843.077828] ? __cond_resched+0x1a/0x50\n[64843.077833] ? mutex_lock+0x13/0x40\n[64843.077839] ? uprobe_clear_state+0xac/0x120\n[64843.077860] mmput+0x5f/0x140\n[64843.077867] ib_umem_odp_map_dma_and_lock+0x21b/0x580 [ib_core]\n[64843.077931] pagefault_real_mr+0x9a/0x140 [mlx5_ib]\n[64843.077962] pagefault_mr+0xb4/0x550 [mlx5_ib]\n[64843.077992] pagefault_single_data_segment.constprop.0+0x2ac/0x560\n[mlx5_ib]\n[64843.078022] mlx5_ib_eqe_pf_action+0x528/0x780 [mlx5_ib]\n[64843.078051] process_one_work+0x22b/0x3d0\n[64843.078059] worker_thread+0x53/0x410\n[64843.078065] ? process_one_work+0x3d0/0x3d0\n[64843.078073] kthread+0x12a/0x150\n[64843.078079] ? set_kthread_struct+0x50/0x50\n[64843.078085] ret_from_fork+0x22/0x30\n[64843.078093] \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:19.568Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e8de6cb5755eae7b793d8c00c8696c8667d44a7f"
},
{
"url": "https://git.kernel.org/stable/c/819110054b14d7272b4188db997a3d80f75ab785"
},
{
"url": "https://git.kernel.org/stable/c/83c43fd872e32c8071d5582eb7c40f573a8342f3"
},
{
"url": "https://git.kernel.org/stable/c/85eaeb5058f0f04dffb124c97c86b4f18db0b833"
}
],
"title": "IB/core: Fix a nested dead lock as part of ODP flow",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48675",
"datePublished": "2024-05-03T14:52:06.518Z",
"dateReserved": "2024-02-25T13:44:28.322Z",
"dateUpdated": "2024-08-03T15:17:55.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48701
Vulnerability from cvelistv5
Published
2024-05-03 15:12
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:55.241403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:44:44.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91904870370fd986c29719846ed76d559de43251"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a308e415d247a23d4d64c964c02e782eede2936"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0492798bf8dfcc09c9337a1ba065da1d1ca68712"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6123bec8480d23369e2ee0b2208611619f269faf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98e8e67395cc6d0cdf3a771f86ea42d0ee6e59dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8293e61bbf908b18ff9935238d4fc2ad359e3fe0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e53f47f6c1a56d2af728909f1cb894da6b43d9bf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/usb/stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b970518014f2",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "91904870370f",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "2a308e415d24",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "0492798bf8df",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "6123bec8480d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "98e8e67395cc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "8293e61bbf90",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "e53f47f6c1a5",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/usb/stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.328",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.293",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.258",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()\n\nThere may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and\nthe number of it\u0027s interfaces less than 4, an out-of-bounds read bug occurs\nwhen parsing the interface descriptor for this device.\n\nFix this by checking the number of interfaces."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:35.930Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061"
},
{
"url": "https://git.kernel.org/stable/c/91904870370fd986c29719846ed76d559de43251"
},
{
"url": "https://git.kernel.org/stable/c/2a308e415d247a23d4d64c964c02e782eede2936"
},
{
"url": "https://git.kernel.org/stable/c/0492798bf8dfcc09c9337a1ba065da1d1ca68712"
},
{
"url": "https://git.kernel.org/stable/c/6123bec8480d23369e2ee0b2208611619f269faf"
},
{
"url": "https://git.kernel.org/stable/c/98e8e67395cc6d0cdf3a771f86ea42d0ee6e59dd"
},
{
"url": "https://git.kernel.org/stable/c/8293e61bbf908b18ff9935238d4fc2ad359e3fe0"
},
{
"url": "https://git.kernel.org/stable/c/e53f47f6c1a56d2af728909f1cb894da6b43d9bf"
}
],
"title": "ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48701",
"datePublished": "2024-05-03T15:12:34.160Z",
"dateReserved": "2024-05-03T14:55:07.146Z",
"dateUpdated": "2024-08-03T15:17:55.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48699
Vulnerability from cvelistv5
Published
2024-05-03 15:11
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
sched/debug: fix dentry leak in update_sched_domain_debugfs
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T17:42:13.797299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:42.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26e9a1ded8923510e5529fbb28390b22228700c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c32a93963e03c03e561d5a066eedad211880ba3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2e406596571659451f4b95e37ddfd5a8ef1d0dc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/sched/debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "26e9a1ded892",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "0c32a93963e0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "c2e406596571",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/sched/debug.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/debug: fix dentry leak in update_sched_domain_debugfs\n\nKuyo reports that the pattern of using debugfs_remove(debugfs_lookup())\nleaks a dentry and with a hotplug stress test, the machine eventually\nruns out of memory.\n\nFix this up by using the newly created debugfs_lookup_and_remove() call\ninstead which properly handles the dentry reference counting logic."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:33.910Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/26e9a1ded8923510e5529fbb28390b22228700c2"
},
{
"url": "https://git.kernel.org/stable/c/0c32a93963e03c03e561d5a066eedad211880ba3"
},
{
"url": "https://git.kernel.org/stable/c/c2e406596571659451f4b95e37ddfd5a8ef1d0dc"
}
],
"title": "sched/debug: fix dentry leak in update_sched_domain_debugfs",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48699",
"datePublished": "2024-05-03T15:11:54.150Z",
"dateReserved": "2024-05-03T14:55:07.145Z",
"dateUpdated": "2024-08-03T15:17:55.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48694
Vulnerability from cvelistv5
Published
2024-05-03 15:06
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
RDMA/irdma: Fix drain SQ hang with no completion
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:54:53.615962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:41.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14d148401c5202fec3a071e24785481d540b22c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5becc531a3fa8da75158a8993f56cc3e0717716e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ead54ced6321099978d30d62dc49c282a6e70574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/irdma/utils.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "14d148401c52",
"status": "affected",
"version": "bd2af69575f5",
"versionType": "git"
},
{
"lessThan": "5becc531a3fa",
"status": "affected",
"version": "81091d7696ae",
"versionType": "git"
},
{
"lessThan": "ead54ced6321",
"status": "affected",
"version": "81091d7696ae",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/irdma/utils.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.19"
},
{
"lessThan": "5.19",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix drain SQ hang with no completion\n\nSW generated completions for outstanding WRs posted on SQ\nafter QP is in error target the wrong CQ. This causes the\nib_drain_sq to hang with no completion.\n\nFix this to generate completions on the right CQ.\n\n[ 863.969340] INFO: task kworker/u52:2:671 blocked for more than 122 seconds.\n[ 863.979224] Not tainted 5.14.0-130.el9.x86_64 #1\n[ 863.986588] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 863.996997] task:kworker/u52:2 state:D stack: 0 pid: 671 ppid: 2 flags:0x00004000\n[ 864.007272] Workqueue: xprtiod xprt_autoclose [sunrpc]\n[ 864.014056] Call Trace:\n[ 864.017575] __schedule+0x206/0x580\n[ 864.022296] schedule+0x43/0xa0\n[ 864.026736] schedule_timeout+0x115/0x150\n[ 864.032185] __wait_for_common+0x93/0x1d0\n[ 864.037717] ? usleep_range_state+0x90/0x90\n[ 864.043368] __ib_drain_sq+0xf6/0x170 [ib_core]\n[ 864.049371] ? __rdma_block_iter_next+0x80/0x80 [ib_core]\n[ 864.056240] ib_drain_sq+0x66/0x70 [ib_core]\n[ 864.062003] rpcrdma_xprt_disconnect+0x82/0x3b0 [rpcrdma]\n[ 864.069365] ? xprt_prepare_transmit+0x5d/0xc0 [sunrpc]\n[ 864.076386] xprt_rdma_close+0xe/0x30 [rpcrdma]\n[ 864.082593] xprt_autoclose+0x52/0x100 [sunrpc]\n[ 864.088718] process_one_work+0x1e8/0x3c0\n[ 864.094170] worker_thread+0x50/0x3b0\n[ 864.099109] ? rescuer_thread+0x370/0x370\n[ 864.104473] kthread+0x149/0x170\n[ 864.109022] ? set_kthread_struct+0x40/0x40\n[ 864.114713] ret_from_fork+0x22/0x30"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:28.777Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/14d148401c5202fec3a071e24785481d540b22c3"
},
{
"url": "https://git.kernel.org/stable/c/5becc531a3fa8da75158a8993f56cc3e0717716e"
},
{
"url": "https://git.kernel.org/stable/c/ead54ced6321099978d30d62dc49c282a6e70574"
}
],
"title": "RDMA/irdma: Fix drain SQ hang with no completion",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48694",
"datePublished": "2024-05-03T15:06:57.588Z",
"dateReserved": "2024-05-03T14:55:07.145Z",
"dateUpdated": "2024-08-03T15:17:55.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48670
Vulnerability from cvelistv5
Published
2024-05-03 14:49
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
peci: cpu: Fix use-after-free in adev_release()
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "-1da177e4c3f4"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unknown",
"version": "-5.19.10"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unknown",
"version": "-6.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T21:13:48.802767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:48.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c87f1f99e26ea4ae08cabe753ae98e5626bdba89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c11289b34ab67ed080bbe0f1855c4938362d9cf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/peci/cpu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c87f1f99e26e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "1c11289b34ab",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/peci/cpu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npeci: cpu: Fix use-after-free in adev_release()\n\nWhen auxiliary_device_add() returns an error, auxiliary_device_uninit()\nis called, which causes refcount for device to be decremented and\n.release callback will be triggered.\n\nBecause adev_release() re-calls auxiliary_device_uninit(), it will cause\nuse-after-free:\n[ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15\n[ 1269.464007] refcount_t: underflow; use-after-free."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:13.653Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c87f1f99e26ea4ae08cabe753ae98e5626bdba89"
},
{
"url": "https://git.kernel.org/stable/c/1c11289b34ab67ed080bbe0f1855c4938362d9cf"
}
],
"title": "peci: cpu: Fix use-after-free in adev_release()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48670",
"datePublished": "2024-05-03T14:49:54.401Z",
"dateReserved": "2024-02-25T13:44:28.321Z",
"dateUpdated": "2024-08-03T15:17:55.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48704
Vulnerability from cvelistv5
Published
2024-05-03 17:45
Modified
2024-09-11 17:33
Severity ?
EPSS score ?
Summary
drm/radeon: add a force flush to delay work when radeon
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b878da58df2c40b08914d3960e2224040fd1fbfe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e25e8f27fdbdc6fd55cc572a9939bf24500b9e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0a45f41fde4a0f2c900f719817493ee5c4a5aa3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c72d97146fc5a4dff381b1737f6167e89860430d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/826b46fd5974113515abe9e4fc8178009a8ce18c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a7a5b2edac4b05abd744eeaebda46d9dacd952d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16cb367daa446923d82e332537f446a4cc784b40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f461950fdc374a3ada5a63c669d997de4600dffe"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:43:29.607532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:27.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/radeon_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b878da58df2c",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "4e25e8f27fdb",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "c0a45f41fde4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "c72d97146fc5",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "826b46fd5974",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "5a7a5b2edac4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "16cb367daa44",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "f461950fdc37",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/radeon_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.328",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.293",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.258",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: add a force flush to delay work when radeon\n\nAlthough radeon card fence and wait for gpu to finish processing current batch rings,\nthere is still a corner case that radeon lockup work queue may not be fully flushed,\nand meanwhile the radeon_suspend_kms() function has called pci_set_power_state() to\nput device in D3hot state.\nPer PCI spec rev 4.0 on 5.3.1.4.1 D3hot State.\n\u003e Configuration and Message requests are the only TLPs accepted by a Function in\n\u003e the D3hot state. All other received Requests must be handled as Unsupported Requests,\n\u003e and all received Completions may optionally be handled as Unexpected Completions.\nThis issue will happen in following logs:\nUnable to handle kernel paging request at virtual address 00008800e0008010\nCPU 0 kworker/0:3(131): Oops 0\npc = [\u003cffffffff811bea5c\u003e] ra = [\u003cffffffff81240844\u003e] ps = 0000 Tainted: G W\npc is at si_gpu_check_soft_reset+0x3c/0x240\nra is at si_dma_is_lockup+0x34/0xd0\nv0 = 0000000000000000 t0 = fff08800e0008010 t1 = 0000000000010000\nt2 = 0000000000008010 t3 = fff00007e3c00000 t4 = fff00007e3c00258\nt5 = 000000000000ffff t6 = 0000000000000001 t7 = fff00007ef078000\ns0 = fff00007e3c016e8 s1 = fff00007e3c00000 s2 = fff00007e3c00018\ns3 = fff00007e3c00000 s4 = fff00007fff59d80 s5 = 0000000000000000\ns6 = fff00007ef07bd98\na0 = fff00007e3c00000 a1 = fff00007e3c016e8 a2 = 0000000000000008\na3 = 0000000000000001 a4 = 8f5c28f5c28f5c29 a5 = ffffffff810f4338\nt8 = 0000000000000275 t9 = ffffffff809b66f8 t10 = ff6769c5d964b800\nt11= 000000000000b886 pv = ffffffff811bea20 at = 0000000000000000\ngp = ffffffff81d89690 sp = 00000000aa814126\nDisabling lock debugging due to kernel taint\nTrace:\n[\u003cffffffff81240844\u003e] si_dma_is_lockup+0x34/0xd0\n[\u003cffffffff81119610\u003e] radeon_fence_check_lockup+0xd0/0x290\n[\u003cffffffff80977010\u003e] process_one_work+0x280/0x550\n[\u003cffffffff80977350\u003e] worker_thread+0x70/0x7c0\n[\u003cffffffff80977410\u003e] worker_thread+0x130/0x7c0\n[\u003cffffffff80982040\u003e] kthread+0x200/0x210\n[\u003cffffffff809772e0\u003e] worker_thread+0x0/0x7c0\n[\u003cffffffff80981f8c\u003e] kthread+0x14c/0x210\n[\u003cffffffff80911658\u003e] ret_from_kernel_thread+0x18/0x20\n[\u003cffffffff80981e40\u003e] kthread+0x0/0x210\n Code: ad3e0008 43f0074a ad7e0018 ad9e0020 8c3001e8 40230101\n \u003c88210000\u003e 4821ed21\nSo force lockup work queue flush to fix this problem."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:38.993Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b878da58df2c40b08914d3960e2224040fd1fbfe"
},
{
"url": "https://git.kernel.org/stable/c/4e25e8f27fdbdc6fd55cc572a9939bf24500b9e8"
},
{
"url": "https://git.kernel.org/stable/c/c0a45f41fde4a0f2c900f719817493ee5c4a5aa3"
},
{
"url": "https://git.kernel.org/stable/c/c72d97146fc5a4dff381b1737f6167e89860430d"
},
{
"url": "https://git.kernel.org/stable/c/826b46fd5974113515abe9e4fc8178009a8ce18c"
},
{
"url": "https://git.kernel.org/stable/c/5a7a5b2edac4b05abd744eeaebda46d9dacd952d"
},
{
"url": "https://git.kernel.org/stable/c/16cb367daa446923d82e332537f446a4cc784b40"
},
{
"url": "https://git.kernel.org/stable/c/f461950fdc374a3ada5a63c669d997de4600dffe"
}
],
"title": "drm/radeon: add a force flush to delay work when radeon",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48704",
"datePublished": "2024-05-03T17:45:51.299Z",
"dateReserved": "2024-05-03T14:55:07.146Z",
"dateUpdated": "2024-09-11T17:33:27.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48693
Vulnerability from cvelistv5
Published
2024-05-03 15:05
Modified
2024-09-11 17:33
Severity ?
EPSS score ?
Summary
soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:43:32.791799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:27.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/bcm/brcmstb/pm/pm-arm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0284b4e6dec6",
"status": "affected",
"version": "0b741b8234c8",
"versionType": "git"
},
{
"lessThan": "57b2897ec3ff",
"status": "affected",
"version": "0b741b8234c8",
"versionType": "git"
},
{
"lessThan": "6dc0251638a4",
"status": "affected",
"version": "0b741b8234c8",
"versionType": "git"
},
{
"lessThan": "43245c77d9ef",
"status": "affected",
"version": "0b741b8234c8",
"versionType": "git"
},
{
"lessThan": "653500b400d5",
"status": "affected",
"version": "0b741b8234c8",
"versionType": "git"
},
{
"lessThan": "1085f5080647",
"status": "affected",
"version": "0b741b8234c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/bcm/brcmstb/pm/pm-arm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.258",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs\n\nIn brcmstb_pm_probe(), there are two kinds of leak bugs:\n\n(1) we need to add of_node_put() when for_each__matching_node() breaks\n(2) we need to add iounmap() for each iomap in fail path"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:27.737Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883"
},
{
"url": "https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b"
},
{
"url": "https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558"
},
{
"url": "https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d"
},
{
"url": "https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82"
},
{
"url": "https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1"
}
],
"title": "soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48693",
"datePublished": "2024-05-03T15:05:46.868Z",
"dateReserved": "2024-05-03T14:55:07.145Z",
"dateUpdated": "2024-09-11T17:33:27.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48696
Vulnerability from cvelistv5
Published
2024-05-03 15:09
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
regmap: spi: Reserve space for register address/padding
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T19:17:13.192981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:38.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15ff1f17847c19174b260bd7dd0de33edcebd45e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5723cfc01932c7a8d5c78dbf7e067e537c91439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/regmap/regmap-spi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "15ff1f17847c",
"status": "affected",
"version": "f231ff38b7b2",
"versionType": "git"
},
{
"lessThan": "f5723cfc0193",
"status": "affected",
"version": "f231ff38b7b2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/regmap/regmap-spi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: spi: Reserve space for register address/padding\n\nCurrently the max_raw_read and max_raw_write limits in regmap_spi struct\ndo not take into account the additional size of the transmitted register\naddress and padding. This may result in exceeding the maximum permitted\nSPI message size, which could cause undefined behaviour, e.g. data\ncorruption.\n\nFix regmap_get_spi_bus() to properly adjust the above mentioned limits\nby reserving space for the register address/padding as set in the regmap\nconfiguration."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:30.823Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/15ff1f17847c19174b260bd7dd0de33edcebd45e"
},
{
"url": "https://git.kernel.org/stable/c/f5723cfc01932c7a8d5c78dbf7e067e537c91439"
}
],
"title": "regmap: spi: Reserve space for register address/padding",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48696",
"datePublished": "2024-05-03T15:09:48.280Z",
"dateReserved": "2024-05-03T14:55:07.145Z",
"dateUpdated": "2024-08-03T15:17:55.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48692
Vulnerability from cvelistv5
Published
2024-05-03 15:05
Modified
2024-09-11 17:33
Severity ?
EPSS score ?
Summary
RDMA/srp: Set scmnd->result only when scmnd is not NULL
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f022576aa03c2385ea7f2b27ee5b331e43abf624"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8edd49c94b4b08019ed7d6dd794fca8078a4deb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2c70f56f762e5dc3b0d7dc438fbb137cb116413"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12f35199a2c0551187edbf8eb01379f0598659fa"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:43:36.035080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:27.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/srp/ib_srp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f022576aa03c",
"status": "affected",
"version": "81982125c352",
"versionType": "git"
},
{
"lessThan": "a8edd49c94b4",
"status": "affected",
"version": "ad215aaea4f9",
"versionType": "git"
},
{
"lessThan": "f2c70f56f762",
"status": "affected",
"version": "ad215aaea4f9",
"versionType": "git"
},
{
"lessThan": "12f35199a2c0",
"status": "affected",
"version": "ad215aaea4f9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/srp/ib_srp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srp: Set scmnd-\u003eresult only when scmnd is not NULL\n\nThis change fixes the following kernel NULL pointer dereference\nwhich is reproduced by blktests srp/007 occasionally.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000170\nPGD 0 P4D 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 9 Comm: kworker/0:1H Kdump: loaded Not tainted 6.0.0-rc1+ #37\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qemu.org 04/01/2014\nWorkqueue: 0x0 (kblockd)\nRIP: 0010:srp_recv_done+0x176/0x500 [ib_srp]\nCode: 00 4d 85 ff 0f 84 52 02 00 00 48 c7 82 80 02 00 00 00 00 00 00 4c 89 df 4c 89 14 24 e8 53 d3 4a f6 4c 8b 14 24 41 0f b6 42 13 \u003c41\u003e 89 87 70 01 00 00 41 0f b6 52 12 f6 c2 02 74 44 41 8b 42 1c b9\nRSP: 0018:ffffaef7c0003e28 EFLAGS: 00000282\nRAX: 0000000000000000 RBX: ffff9bc9486dea60 RCX: 0000000000000000\nRDX: 0000000000000102 RSI: ffffffffb76bbd0e RDI: 00000000ffffffff\nRBP: ffff9bc980099a00 R08: 0000000000000001 R09: 0000000000000001\nR10: ffff9bca53ef0000 R11: ffff9bc980099a10 R12: ffff9bc956e14000\nR13: ffff9bc9836b9cb0 R14: ffff9bc9557b4480 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff9bc97ec00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000170 CR3: 0000000007e04000 CR4: 00000000000006f0\nCall Trace:\n \u003cIRQ\u003e\n __ib_process_cq+0xb7/0x280 [ib_core]\n ib_poll_handler+0x2b/0x130 [ib_core]\n irq_poll_softirq+0x93/0x150\n __do_softirq+0xee/0x4b8\n irq_exit_rcu+0xf7/0x130\n sysvec_apic_timer_interrupt+0x8e/0xc0\n \u003c/IRQ\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:26.723Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f022576aa03c2385ea7f2b27ee5b331e43abf624"
},
{
"url": "https://git.kernel.org/stable/c/a8edd49c94b4b08019ed7d6dd794fca8078a4deb"
},
{
"url": "https://git.kernel.org/stable/c/f2c70f56f762e5dc3b0d7dc438fbb137cb116413"
},
{
"url": "https://git.kernel.org/stable/c/12f35199a2c0551187edbf8eb01379f0598659fa"
}
],
"title": "RDMA/srp: Set scmnd-\u003eresult only when scmnd is not NULL",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48692",
"datePublished": "2024-05-03T15:05:31.107Z",
"dateReserved": "2024-05-03T14:55:07.144Z",
"dateUpdated": "2024-09-11T17:33:27.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48671
Vulnerability from cvelistv5
Published
2024-05-03 14:50
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T15:12:14.079254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:44.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/321488cfac7d0eb6d97de467015ff754f85813ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07191f984842d50020789ff14c75da436a7f46a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9f267393b036f1470fb12fb892d59e7ff8aeb58d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5db17805b6ba4c34dab303f49aea3562fc25af75"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99bc25748e394d17f9e8b10cc7f273b8e64c1c7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43626dade36fa74d3329046f4ae2d7fdefe401c6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/cgroup/cgroup-v1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "321488cfac7d",
"status": "affected",
"version": "e446300968c6",
"versionType": "git"
},
{
"lessThan": "07191f984842",
"status": "affected",
"version": "59c6902a96b4",
"versionType": "git"
},
{
"lessThan": "9f267393b036",
"status": "affected",
"version": "dee1e2b18cf5",
"versionType": "git"
},
{
"lessThan": "5db17805b6ba",
"status": "affected",
"version": "3bf4bf54069f",
"versionType": "git"
},
{
"lessThan": "99bc25748e39",
"status": "affected",
"version": "c0deb027c99c",
"versionType": "git"
},
{
"lessThan": "43626dade36f",
"status": "affected",
"version": "4f7e7236435c",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/cgroup/cgroup-v1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5.4.215",
"status": "affected",
"version": "5.4.213",
"versionType": "custom"
},
{
"lessThan": "5.10.145",
"status": "affected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThan": "5.15.70",
"status": "affected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThan": "5.19.11",
"status": "affected",
"version": "5.19.9",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()\n\nsyzbot is hitting percpu_rwsem_assert_held(\u0026cpu_hotplug_lock) warning at\ncpuset_attach() [1], for commit 4f7e7236435ca0ab (\"cgroup: Fix\nthreadgroup_rwsem \u003c-\u003e cpus_read_lock() deadlock\") missed that\ncpuset_attach() is also called from cgroup_attach_task_all().\nAdd cpus_read_lock() like what cgroup_procs_write_start() does."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:14.683Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/321488cfac7d0eb6d97de467015ff754f85813ff"
},
{
"url": "https://git.kernel.org/stable/c/07191f984842d50020789ff14c75da436a7f46a9"
},
{
"url": "https://git.kernel.org/stable/c/9f267393b036f1470fb12fb892d59e7ff8aeb58d"
},
{
"url": "https://git.kernel.org/stable/c/5db17805b6ba4c34dab303f49aea3562fc25af75"
},
{
"url": "https://git.kernel.org/stable/c/99bc25748e394d17f9e8b10cc7f273b8e64c1c7e"
},
{
"url": "https://git.kernel.org/stable/c/43626dade36fa74d3329046f4ae2d7fdefe401c6"
}
],
"title": "cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48671",
"datePublished": "2024-05-03T14:50:23.558Z",
"dateReserved": "2024-02-25T13:44:28.321Z",
"dateUpdated": "2024-08-03T15:17:55.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48690
Vulnerability from cvelistv5
Published
2024-05-03 17:44
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
ice: Fix DMA mappings leak
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:48.743720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:44:28.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/07f40e9f0ff342eb3e97d5c544783b7cb641689c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e753eb675f0523207b184558638ee2eed6c9ac2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_base.c",
"drivers/net/ethernet/intel/ice/ice_main.c",
"drivers/net/ethernet/intel/ice/ice_xsk.c",
"drivers/net/ethernet/intel/ice/ice_xsk.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "07f40e9f0ff3",
"status": "affected",
"version": "617f3e1b588c",
"versionType": "git"
},
{
"lessThan": "7e753eb675f0",
"status": "affected",
"version": "617f3e1b588c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_base.c",
"drivers/net/ethernet/intel/ice/ice_main.c",
"drivers/net/ethernet/intel/ice/ice_xsk.c",
"drivers/net/ethernet/intel/ice/ice_xsk.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix DMA mappings leak\n\nFix leak, when user changes ring parameters.\nDuring reallocation of RX buffers, new DMA mappings are created for\nthose buffers. New buffers with different RX ring count should\nsubstitute older ones, but those buffers were freed in ice_vsi_cfg_rxq\nand reallocated again with ice_alloc_rx_buf. kfree on rx_buf caused\nleak of already mapped DMA.\nReallocate ZC with xdp_buf struct, when BPF program loads. Reallocate\nback to rx_buf, when BPF program unloads.\nIf BPF program is loaded/unloaded and XSK pools are created, reallocate\nRX queues accordingly in XDP_SETUP_XSK_POOL handler.\n\nSteps for reproduction:\nwhile :\ndo\n\tfor ((i=0; i\u003c=8160; i=i+32))\n\tdo\n\t\tethtool -G enp130s0f0 rx $i tx $i\n\t\tsleep 0.5\n\t\tethtool -g enp130s0f0\n\tdone\ndone"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:24.669Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/07f40e9f0ff342eb3e97d5c544783b7cb641689c"
},
{
"url": "https://git.kernel.org/stable/c/7e753eb675f0523207b184558638ee2eed6c9ac2"
}
],
"title": "ice: Fix DMA mappings leak",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48690",
"datePublished": "2024-05-03T17:44:31.180Z",
"dateReserved": "2024-05-03T14:55:07.144Z",
"dateUpdated": "2024-08-03T15:17:55.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48703
Vulnerability from cvelistv5
Published
2024-05-03 15:14
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:52.003733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:44:38.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/intel/int340x_thermal/int3400_thermal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dae42083b045",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "7931e28098a4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/intel/int340x_thermal/int3400_thermal.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[ 71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:37.987Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2"
},
{
"url": "https://git.kernel.org/stable/c/7931e28098a4c1a2a6802510b0cbe57546d2049d"
}
],
"title": "thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48703",
"datePublished": "2024-05-03T15:14:07.390Z",
"dateReserved": "2024-05-03T14:55:07.146Z",
"dateUpdated": "2024-08-03T15:17:55.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48674
Vulnerability from cvelistv5
Published
2024-05-03 14:51
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
erofs: fix pcluster use-after-free on UP platforms
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:40:01.935760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:45:03.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ddd001cef5e82d19192e6861068463ecca5f556"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94c34faaafe7b55adc2d8d881db195b646959b9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f44013e39984c127c6efedf70e6b5f4e9dcf315"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/erofs/internal.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8ddd001cef5e",
"status": "affected",
"version": "73f5c66df3e2",
"versionType": "git"
},
{
"lessThan": "94c34faaafe7",
"status": "affected",
"version": "73f5c66df3e2",
"versionType": "git"
},
{
"lessThan": "2f44013e3998",
"status": "affected",
"version": "73f5c66df3e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/erofs/internal.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix pcluster use-after-free on UP platforms\n\nDuring stress testing with CONFIG_SMP disabled, KASAN reports as below:\n\n==================================================================\nBUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30\nRead of size 8 at addr ffff8881094223f8 by task stress/7789\n\nCPU: 0 PID: 7789 Comm: stress Not tainted 6.0.0-rc1-00002-g0d53d2e882f9 #3\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n..\n __mutex_lock+0xe5/0xc30\n..\n z_erofs_do_read_page+0x8ce/0x1560\n..\n z_erofs_readahead+0x31c/0x580\n..\nFreed by task 7787\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x20/0x30\n kasan_set_free_info+0x20/0x40\n __kasan_slab_free+0x10c/0x190\n kmem_cache_free+0xed/0x380\n rcu_core+0x3d5/0xc90\n __do_softirq+0x12d/0x389\n\nLast potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0x97/0xb0\n call_rcu+0x3d/0x3f0\n erofs_shrink_workstation+0x11f/0x210\n erofs_shrink_scan+0xdc/0x170\n shrink_slab.constprop.0+0x296/0x530\n drop_slab+0x1c/0x70\n drop_caches_sysctl_handler+0x70/0x80\n proc_sys_call_handler+0x20a/0x2f0\n vfs_write+0x555/0x6c0\n ksys_write+0xbe/0x160\n do_syscall_64+0x3b/0x90\n\nThe root cause is that erofs_workgroup_unfreeze() doesn\u0027t reset to\norig_val thus it causes a race that the pcluster reuses unexpectedly\nbefore freeing.\n\nSince UP platforms are quite rare now, such path becomes unnecessary.\nLet\u0027s drop such specific-designed path directly instead."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:18.535Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8ddd001cef5e82d19192e6861068463ecca5f556"
},
{
"url": "https://git.kernel.org/stable/c/94c34faaafe7b55adc2d8d881db195b646959b9e"
},
{
"url": "https://git.kernel.org/stable/c/2f44013e39984c127c6efedf70e6b5f4e9dcf315"
}
],
"title": "erofs: fix pcluster use-after-free on UP platforms",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48674",
"datePublished": "2024-05-03T14:51:57.294Z",
"dateReserved": "2024-02-25T13:44:28.322Z",
"dateUpdated": "2024-08-03T15:17:55.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48672
Vulnerability from cvelistv5
Published
2024-05-03 14:51
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
of: fdt: fix off-by-one error in unflatten_dt_nodes()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:31:42.544378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:31:56.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbdda20ce363356698835185801a58a28f644853"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2566706ac6393386a4e7c4ce23fe17f4c98d9aa0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0e88c25f88b9805572263c9ed20f1d88742feaf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee4369260e77821602102dcc7d792de39a56365c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba6b9f7cc1108bad6e2c53b1d6e0156379188db7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2133f451311671c7c42b5640d2b999326b39aa0e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f945a792f67815abca26fa8a5e863ccf3fa1181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/of/fdt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cbdda20ce363",
"status": "affected",
"version": "78c44d910d3e",
"versionType": "git"
},
{
"lessThan": "2566706ac639",
"status": "affected",
"version": "78c44d910d3e",
"versionType": "git"
},
{
"lessThan": "e0e88c25f88b",
"status": "affected",
"version": "78c44d910d3e",
"versionType": "git"
},
{
"lessThan": "ee4369260e77",
"status": "affected",
"version": "78c44d910d3e",
"versionType": "git"
},
{
"lessThan": "ba6b9f7cc110",
"status": "affected",
"version": "78c44d910d3e",
"versionType": "git"
},
{
"lessThan": "2133f4513116",
"status": "affected",
"version": "78c44d910d3e",
"versionType": "git"
},
{
"lessThan": "2f945a792f67",
"status": "affected",
"version": "78c44d910d3e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/of/fdt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.295",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.260",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.215",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.145",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.70",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: fdt: fix off-by-one error in unflatten_dt_nodes()\n\nCommit 78c44d910d3e (\"drivers/of: Fix depth when unflattening devicetree\")\nforgot to fix up the depth check in the loop body in unflatten_dt_nodes()\nwhich makes it possible to overflow the nps[] buffer...\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:16.252Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cbdda20ce363356698835185801a58a28f644853"
},
{
"url": "https://git.kernel.org/stable/c/2566706ac6393386a4e7c4ce23fe17f4c98d9aa0"
},
{
"url": "https://git.kernel.org/stable/c/e0e88c25f88b9805572263c9ed20f1d88742feaf"
},
{
"url": "https://git.kernel.org/stable/c/ee4369260e77821602102dcc7d792de39a56365c"
},
{
"url": "https://git.kernel.org/stable/c/ba6b9f7cc1108bad6e2c53b1d6e0156379188db7"
},
{
"url": "https://git.kernel.org/stable/c/2133f451311671c7c42b5640d2b999326b39aa0e"
},
{
"url": "https://git.kernel.org/stable/c/2f945a792f67815abca26fa8a5e863ccf3fa1181"
}
],
"title": "of: fdt: fix off-by-one error in unflatten_dt_nodes()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48672",
"datePublished": "2024-05-03T14:51:18.085Z",
"dateReserved": "2024-02-25T13:44:28.321Z",
"dateUpdated": "2024-08-03T15:17:55.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48687
Vulnerability from cvelistv5
Published
2024-05-03 14:59
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
ipv6: sr: fix out-of-bounds read when setting HMAC data.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T20:39:43.146783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T20:39:58.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc9dbd65c803af1607484fed5da50d41dc8dd864"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f684c16971ed5e77dfa25a9ad25b5297e1f58eab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3df71e11a4773d775c3633c44319f7acdb89011c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/076f2479fc5a15c4a970ca3b5e57d42ba09a31fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55195563ec29f80f984237b743de0e2b6ba4d093"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56ad3f475482bca55b0ae544031333018eb145b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84a53580c5d2138c7361c7c3eea5b31827e63b35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dc9dbd65c803",
"status": "affected",
"version": "4f4853dc1c9c",
"versionType": "git"
},
{
"lessThan": "f684c16971ed",
"status": "affected",
"version": "4f4853dc1c9c",
"versionType": "git"
},
{
"lessThan": "3df71e11a477",
"status": "affected",
"version": "4f4853dc1c9c",
"versionType": "git"
},
{
"lessThan": "076f2479fc5a",
"status": "affected",
"version": "4f4853dc1c9c",
"versionType": "git"
},
{
"lessThan": "55195563ec29",
"status": "affected",
"version": "4f4853dc1c9c",
"versionType": "git"
},
{
"lessThan": "56ad3f475482",
"status": "affected",
"version": "4f4853dc1c9c",
"versionType": "git"
},
{
"lessThan": "84a53580c5d2",
"status": "affected",
"version": "4f4853dc1c9c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.293",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.258",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix out-of-bounds read when setting HMAC data.\n\nThe SRv6 layer allows defining HMAC data that can later be used to sign IPv6\nSegment Routing Headers. This configuration is realised via netlink through\nfour attributes: SEG6_ATTR_HMACKEYID, SEG6_ATTR_SECRET, SEG6_ATTR_SECRETLEN and\nSEG6_ATTR_ALGID. Because the SECRETLEN attribute is decoupled from the actual\nlength of the SECRET attribute, it is possible to provide invalid combinations\n(e.g., secret = \"\", secretlen = 64). This case is not checked in the code and\nwith an appropriately crafted netlink message, an out-of-bounds read of up\nto 64 bytes (max secret length) can occur past the skb end pointer and into\nskb_shared_info:\n\nBreakpoint 1, seg6_genl_sethmac (skb=\u003coptimized out\u003e, info=\u003coptimized out\u003e) at net/ipv6/seg6.c:208\n208\t\tmemcpy(hinfo-\u003esecret, secret, slen);\n(gdb) bt\n #0 seg6_genl_sethmac (skb=\u003coptimized out\u003e, info=\u003coptimized out\u003e) at net/ipv6/seg6.c:208\n #1 0xffffffff81e012e9 in genl_family_rcv_msg_doit (skb=skb@entry=0xffff88800b1f9f00, nlh=nlh@entry=0xffff88800b1b7600,\n extack=extack@entry=0xffffc90000ba7af0, ops=ops@entry=0xffffc90000ba7a80, hdrlen=4, net=0xffffffff84237580 \u003cinit_net\u003e, family=\u003coptimized out\u003e,\n family=\u003coptimized out\u003e) at net/netlink/genetlink.c:731\n #2 0xffffffff81e01435 in genl_family_rcv_msg (extack=0xffffc90000ba7af0, nlh=0xffff88800b1b7600, skb=0xffff88800b1f9f00,\n family=0xffffffff82fef6c0 \u003cseg6_genl_family\u003e) at net/netlink/genetlink.c:775\n #3 genl_rcv_msg (skb=0xffff88800b1f9f00, nlh=0xffff88800b1b7600, extack=0xffffc90000ba7af0) at net/netlink/genetlink.c:792\n #4 0xffffffff81dfffc3 in netlink_rcv_skb (skb=skb@entry=0xffff88800b1f9f00, cb=cb@entry=0xffffffff81e01350 \u003cgenl_rcv_msg\u003e)\n at net/netlink/af_netlink.c:2501\n #5 0xffffffff81e00919 in genl_rcv (skb=0xffff88800b1f9f00) at net/netlink/genetlink.c:803\n #6 0xffffffff81dff6ae in netlink_unicast_kernel (ssk=0xffff888010eec800, skb=0xffff88800b1f9f00, sk=0xffff888004aed000)\n at net/netlink/af_netlink.c:1319\n #7 netlink_unicast (ssk=ssk@entry=0xffff888010eec800, skb=skb@entry=0xffff88800b1f9f00, portid=portid@entry=0, nonblock=\u003coptimized out\u003e)\n at net/netlink/af_netlink.c:1345\n #8 0xffffffff81dff9a4 in netlink_sendmsg (sock=\u003coptimized out\u003e, msg=0xffffc90000ba7e48, len=\u003coptimized out\u003e) at net/netlink/af_netlink.c:1921\n...\n(gdb) p/x ((struct sk_buff *)0xffff88800b1f9f00)-\u003ehead + ((struct sk_buff *)0xffff88800b1f9f00)-\u003eend\n$1 = 0xffff88800b1b76c0\n(gdb) p/x secret\n$2 = 0xffff88800b1b76c0\n(gdb) p slen\n$3 = 64 \u0027@\u0027\n\nThe OOB data can then be read back from userspace by dumping HMAC state. This\ncommit fixes this by ensuring SECRETLEN cannot exceed the actual length of\nSECRET."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:21.600Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dc9dbd65c803af1607484fed5da50d41dc8dd864"
},
{
"url": "https://git.kernel.org/stable/c/f684c16971ed5e77dfa25a9ad25b5297e1f58eab"
},
{
"url": "https://git.kernel.org/stable/c/3df71e11a4773d775c3633c44319f7acdb89011c"
},
{
"url": "https://git.kernel.org/stable/c/076f2479fc5a15c4a970ca3b5e57d42ba09a31fa"
},
{
"url": "https://git.kernel.org/stable/c/55195563ec29f80f984237b743de0e2b6ba4d093"
},
{
"url": "https://git.kernel.org/stable/c/56ad3f475482bca55b0ae544031333018eb145b3"
},
{
"url": "https://git.kernel.org/stable/c/84a53580c5d2138c7361c7c3eea5b31827e63b35"
}
],
"title": "ipv6: sr: fix out-of-bounds read when setting HMAC data.",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48687",
"datePublished": "2024-05-03T14:59:32.099Z",
"dateReserved": "2024-05-03T14:55:07.144Z",
"dateUpdated": "2024-08-03T15:17:55.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48691
Vulnerability from cvelistv5
Published
2024-05-03 15:03
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
netfilter: nf_tables: clean up hook list when offload flags check fails
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T20:37:11.395564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T20:38:11.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/910891a2a44cdc49efcc4fe7459c1085ba00d0f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ce55ec5cb7c573c983dffbe290b8d17caf1f157"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94ed8eeb8d9aeb00e4f4e19b83a2e28b6442fbc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77972a36ecc4db7fc7c68f0e80714263c5f03f65"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "910891a2a44c",
"status": "affected",
"version": "d54725cd11a5",
"versionType": "git"
},
{
"lessThan": "1ce55ec5cb7c",
"status": "affected",
"version": "d54725cd11a5",
"versionType": "git"
},
{
"lessThan": "94ed8eeb8d9a",
"status": "affected",
"version": "d54725cd11a5",
"versionType": "git"
},
{
"lessThan": "77972a36ecc4",
"status": "affected",
"version": "d54725cd11a5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: clean up hook list when offload flags check fails\n\nsplice back the hook list so nft_chain_release_hook() has a chance to\nrelease the hooks.\n\nBUG: memory leak\nunreferenced object 0xffff88810180b100 (size 96):\n comm \"syz-executor133\", pid 3619, jiffies 4294945714 (age 12.690s)\n hex dump (first 32 bytes):\n 28 64 23 02 81 88 ff ff 28 64 23 02 81 88 ff ff (d#.....(d#.....\n 90 a8 aa 83 ff ff ff ff 00 00 b5 0f 81 88 ff ff ................\n backtrace:\n [\u003cffffffff83a8c59b\u003e] kmalloc include/linux/slab.h:600 [inline]\n [\u003cffffffff83a8c59b\u003e] nft_netdev_hook_alloc+0x3b/0xc0 net/netfilter/nf_tables_api.c:1901\n [\u003cffffffff83a9239a\u003e] nft_chain_parse_netdev net/netfilter/nf_tables_api.c:1998 [inline]\n [\u003cffffffff83a9239a\u003e] nft_chain_parse_hook+0x33a/0x530 net/netfilter/nf_tables_api.c:2073\n [\u003cffffffff83a9b14b\u003e] nf_tables_addchain.constprop.0+0x10b/0x950 net/netfilter/nf_tables_api.c:2218\n [\u003cffffffff83a9c41b\u003e] nf_tables_newchain+0xa8b/0xc60 net/netfilter/nf_tables_api.c:2593\n [\u003cffffffff83a3d6a6\u003e] nfnetlink_rcv_batch+0xa46/0xd20 net/netfilter/nfnetlink.c:517\n [\u003cffffffff83a3db79\u003e] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:638 [inline]\n [\u003cffffffff83a3db79\u003e] nfnetlink_rcv+0x1f9/0x220 net/netfilter/nfnetlink.c:656\n [\u003cffffffff83a13b17\u003e] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n [\u003cffffffff83a13b17\u003e] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345\n [\u003cffffffff83a13fd6\u003e] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921\n [\u003cffffffff83865ab6\u003e] sock_sendmsg_nosec net/socket.c:714 [inline]\n [\u003cffffffff83865ab6\u003e] sock_sendmsg+0x56/0x80 net/socket.c:734\n [\u003cffffffff8386601c\u003e] ____sys_sendmsg+0x36c/0x390 net/socket.c:2482\n [\u003cffffffff8386a918\u003e] ___sys_sendmsg+0xa8/0x110 net/socket.c:2536\n [\u003cffffffff8386aaa8\u003e] __sys_sendmsg+0x88/0x100 net/socket.c:2565\n [\u003cffffffff845e5955\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n [\u003cffffffff845e5955\u003e] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n [\u003cffffffff84800087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:25.689Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/910891a2a44cdc49efcc4fe7459c1085ba00d0f4"
},
{
"url": "https://git.kernel.org/stable/c/1ce55ec5cb7c573c983dffbe290b8d17caf1f157"
},
{
"url": "https://git.kernel.org/stable/c/94ed8eeb8d9aeb00e4f4e19b83a2e28b6442fbc5"
},
{
"url": "https://git.kernel.org/stable/c/77972a36ecc4db7fc7c68f0e80714263c5f03f65"
}
],
"title": "netfilter: nf_tables: clean up hook list when offload flags check fails",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48691",
"datePublished": "2024-05-03T15:03:28.996Z",
"dateReserved": "2024-05-03T14:55:07.144Z",
"dateUpdated": "2024-08-03T15:17:55.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48700
Vulnerability from cvelistv5
Published
2024-05-03 15:12
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
vfio/type1: Unpin zero pages
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:31:01.372546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:31:14.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/578d644edc7d2c1ff53f7e4d0a25da473deb4a03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5321908ef74fb593e0dbc8737d25038fc86c9986"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d721bf222936f5cf3ee15ced53cc483ecef7e46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/873aefb376bbc0ed1dd2381ea1d6ec88106fdbd4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vfio/vfio_iommu_type1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "578d644edc7d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "5321908ef74f",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "5d721bf22293",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "873aefb376bb",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vfio/vfio_iommu_type1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.146",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/type1: Unpin zero pages\n\nThere\u0027s currently a reference count leak on the zero page. We increment\nthe reference via pin_user_pages_remote(), but the page is later handled\nas an invalid/reserved page, therefore it\u0027s not accounted against the\nuser and not unpinned by our put_pfn().\n\nIntroducing special zero page handling in put_pfn() would resolve the\nleak, but without accounting of the zero page, a single user could\nstill create enough mappings to generate a reference count overflow.\n\nThe zero page is always resident, so for our purposes there\u0027s no reason\nto keep it pinned. Therefore, add a loop to walk pages returned from\npin_user_pages_remote() and unpin any zero pages."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:34.920Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/578d644edc7d2c1ff53f7e4d0a25da473deb4a03"
},
{
"url": "https://git.kernel.org/stable/c/5321908ef74fb593e0dbc8737d25038fc86c9986"
},
{
"url": "https://git.kernel.org/stable/c/5d721bf222936f5cf3ee15ced53cc483ecef7e46"
},
{
"url": "https://git.kernel.org/stable/c/873aefb376bbc0ed1dd2381ea1d6ec88106fdbd4"
}
],
"title": "vfio/type1: Unpin zero pages",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48700",
"datePublished": "2024-05-03T15:12:16.246Z",
"dateReserved": "2024-05-03T14:55:07.145Z",
"dateUpdated": "2024-08-03T15:17:55.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48702
Vulnerability from cvelistv5
Published
2024-05-03 15:13
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T18:37:27.683467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:45.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/pci/emu10k1/emupcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "637c5310acb4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "6b0e260ac3cf",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "88aac6684cf8",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "45321a7d02b7",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "39a90720f3ab",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "45814a53514e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "4204a01ffce9",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "d29f59051d3a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/pci/emu10k1/emupcm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.328",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.293",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.258",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.213",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()\n\nThe voice allocator sometimes begins allocating from near the end of the\narray and then wraps around, however snd_emu10k1_pcm_channel_alloc()\naccesses the newly allocated voices as if it never wrapped around.\n\nThis results in out of bounds access if the first voice has a high enough\nindex so that first_voice + requested_voice_count \u003e NUM_G (64).\nThe more voices are requested, the more likely it is for this to occur.\n\nThis was initially discovered using PipeWire, however it can be reproduced\nby calling aplay multiple times with 16 channels:\naplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero\n\nUBSAN: array-index-out-of-bounds in sound/pci/emu10k1/emupcm.c:127:40\nindex 65 is out of range for type \u0027snd_emu10k1_voice [64]\u0027\nCPU: 1 PID: 31977 Comm: aplay Tainted: G W IOE 6.0.0-rc2-emu10k1+ #7\nHardware name: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002 07/22/2010\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x49/0x63\ndump_stack+0x10/0x16\nubsan_epilogue+0x9/0x3f\n__ubsan_handle_out_of_bounds.cold+0x44/0x49\nsnd_emu10k1_playback_hw_params+0x3bc/0x420 [snd_emu10k1]\nsnd_pcm_hw_params+0x29f/0x600 [snd_pcm]\nsnd_pcm_common_ioctl+0x188/0x1410 [snd_pcm]\n? exit_to_user_mode_prepare+0x35/0x170\n? do_syscall_64+0x69/0x90\n? syscall_exit_to_user_mode+0x26/0x50\n? do_syscall_64+0x69/0x90\n? exit_to_user_mode_prepare+0x35/0x170\nsnd_pcm_ioctl+0x27/0x40 [snd_pcm]\n__x64_sys_ioctl+0x95/0xd0\ndo_syscall_64+0x5c/0x90\n? do_syscall_64+0x69/0x90\n? do_syscall_64+0x69/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:36.968Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa"
},
{
"url": "https://git.kernel.org/stable/c/6b0e260ac3cf289e38446552461caa65e6dab275"
},
{
"url": "https://git.kernel.org/stable/c/88aac6684cf8bc885cca15463cb4407e91f28ff7"
},
{
"url": "https://git.kernel.org/stable/c/45321a7d02b7cf9b3f97e3987fc1e4d649b82da2"
},
{
"url": "https://git.kernel.org/stable/c/39a90720f3abe96625d1224e7a7463410875de4c"
},
{
"url": "https://git.kernel.org/stable/c/45814a53514e10a8014906c882e0d0d38df39cc1"
},
{
"url": "https://git.kernel.org/stable/c/4204a01ffce97cae1d59edc5848f02be5b2b9178"
},
{
"url": "https://git.kernel.org/stable/c/d29f59051d3a07b81281b2df2b8c9dfe4716067f"
}
],
"title": "ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48702",
"datePublished": "2024-05-03T15:13:10.363Z",
"dateReserved": "2024-05-03T14:55:07.146Z",
"dateUpdated": "2024-08-03T15:17:55.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48698
Vulnerability from cvelistv5
Published
2024-05-03 15:11
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
drm/amd/display: fix memory leak when using debugfs_lookup()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T20:32:35.974664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T20:33:18.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:17:55.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58acd2ebae034db3bacf38708f508fbd12ae2e54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a6279d243cb035eaaff1450980b40cf19748f05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbfac7fa491651c57926c99edeb7495c6c1aeac2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "58acd2ebae03",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "3a6279d243cb",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "cbfac7fa4916",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix memory leak when using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time. Fix this up by properly\ncalling dput()."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:11:32.878Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/58acd2ebae034db3bacf38708f508fbd12ae2e54"
},
{
"url": "https://git.kernel.org/stable/c/3a6279d243cb035eaaff1450980b40cf19748f05"
},
{
"url": "https://git.kernel.org/stable/c/cbfac7fa491651c57926c99edeb7495c6c1aeac2"
}
],
"title": "drm/amd/display: fix memory leak when using debugfs_lookup()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48698",
"datePublished": "2024-05-03T15:11:37.455Z",
"dateReserved": "2024-05-03T14:55:07.145Z",
"dateUpdated": "2024-08-03T15:17:55.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.