Lucene search

LinuxCVE-2022-48939

HistoryAug 22, 2024 - 4:15 a.m.

CVE-2022-48939

2024-08-2204:15:17

CWE-834

Linux

web.nvd.nist.gov

linux kernel

vulnerability

cve-2022-48939

schedule points

batch operations

soft lockups

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.9

Confidence

Low

EPSS

Percentile

16.4%

JSON

In the Linux kernel, the following vulnerability has been resolved:

bpf: Add schedule points in batch ops

syzbot reported various soft lockups caused by bpf batch operations.

INFO: task kworker/1:1:27 blocked for more than 140 seconds.
INFO: task hung in rcu_barrier

Nothing prevents batch ops to process huge amount of data,
we need to add schedule points in them.

Note that maybe_wait_bpf_programs(map) calls from
generic_map_delete_batch() can be factorized by moving
the call after the loop.

This will be done later in -next tree once we get this fix merged,
unless there is strong opinion doing this optimization sooner.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange5.6–5.10.103

linuxlinux_kernelRange5.11–5.15.26

linuxlinux_kernelRange5.16–5.16.12

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/bpf/syscall.c"
    ],
    "versions": [
      {
        "version": "aa2e93b8e58e",
        "lessThan": "7ef94bfb08fb",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "aa2e93b8e58e",
        "lessThan": "8628f489b749",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "aa2e93b8e58e",
        "lessThan": "7e8099967d0e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "aa2e93b8e58e",
        "lessThan": "75134f16e7dd",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/bpf/syscall.c"
    ],
    "versions": [
      {
        "version": "5.6",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.6",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.103",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.26",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.12",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]