416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2022-48697CVE-2022-48697
In the Linux kernel, the following vulnerability has been resolved:
nvmet: fix a use-after-free
Fix the following use-after-free complaint triggered by blktests nvme/004:
BUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350
Read of size 4 at addr 0000607bd1835943 by task kworker/13:1/460
Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop]
Call Trace:
show_stack+0x52/0x58
dump_stack_lvl+0x49/0x5e
print_report.cold+0x36/0x1e2
kasan_report+0xb9/0xf0
__asan_load4+0x6b/0x80
blk_mq_complete_request_remote+0xac/0x350
nvme_loop_queue_response+0x1df/0x275 [nvme_loop]
__nvmet_req_complete+0x132/0x4f0 [nvmet]
nvmet_req_complete+0x15/0x40 [nvmet]
nvmet_execute_io_connect+0x18a/0x1f0 [nvmet]
nvme_loop_execute_work+0x20/0x30 [nvme_loop]
process_one_work+0x56e/0xa70
worker_thread+0x2d1/0x640
kthread+0x183/0x1c0
ret_from_fork+0x1f/0x30
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/nvme/target/core.c"
],
"versions": [
{
"version": "a07b4970f464",
"lessThan": "17f121ca3ec6",
"status": "affected",
"versionType": "git"
},
{
"version": "a07b4970f464",
"lessThan": "8d66989b5f7b",
"status": "affected",
"versionType": "git"
},
{
"version": "a07b4970f464",
"lessThan": "be01f1c98875",
"status": "affected",
"versionType": "git"
},
{
"version": "a07b4970f464",
"lessThan": "ebf46da50beb",
"status": "affected",
"versionType": "git"
},
{
"version": "a07b4970f464",
"lessThan": "4484ce97a781",
"status": "affected",
"versionType": "git"
},
{
"version": "a07b4970f464",
"lessThan": "6a02a61e81c2",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/nvme/target/core.c"
],
"versions": [
{
"version": "4.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.260",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.213",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.143",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.68",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.19.9",
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.0",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]References
git.kernel.org/stable/c/17f121ca3ec6be0fb32d77c7f65362934a38cc8e
git.kernel.org/stable/c/4484ce97a78171668c402e0c45db7f760aea8060
git.kernel.org/stable/c/6a02a61e81c231cc5c680c5dbf8665275147ac52
git.kernel.org/stable/c/8d66989b5f7bb28bba2f8e1e2ffc8bfef4a10717
git.kernel.org/stable/c/be01f1c988757b95f11f090a9f491365670a522b
git.kernel.org/stable/c/ebf46da50beb78066674354ad650606a467e33fa
Related
