Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-48819HistoryJul 16, 2024 - 12:15 p.m.
CVE-2022-48819
2024-07-1612:15:05
Debian Security Bug Tracker
security-tracker.debian.org
6
linux
kernel
tcp
socket
vulnerability
sendpage
sendmsg
msg_zerocopy
inet_sock_destruct
sk_forward_alloc
tcp_downgrade_zcopy_pure
In the Linux kernel, the following vulnerability has been resolved: tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case syzbot found that mixing sendpage() and sendmsg(MSG_ZEROCOPY) calls over the same TCP socket would again trigger the infamous warning in inet_sock_destruct() WARN_ON(sk_forward_alloc_get(sk)); While Talal took into account a mix of regular copied data and MSG_ZEROCOPY one in the same skb, the sendpage() path has been forgotten. We want the charging to happen for sendpage(), because pages could be coming from a pipe. What is missing is the downgrading of pure zerocopy status to make sure sk_forward_alloc will stay synced. Add tcp_downgrade_zcopy_pure() helper so that we can use it from the two callers.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | linux | < 5.16.10-1 | linux_5.16.10-1_all.deb |
| Debian | 11 | all | linux | < 5.10.223-1 | linux_5.10.223-1_all.deb |
| Debian | 999 | all | linux | < 5.16.10-1 | linux_5.16.10-1_all.deb |
| Debian | 13 | all | linux | < 5.16.10-1 | linux_5.16.10-1_all.deb |
Related
nvd
nvd
CVE-2022-48819
2024-07-16 12:15:05
redhatcve
redhatcve
CVE-2022-48819
2024-07-16 22:25:05
cvelist
cvelist
CVE-2022-48819 tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case
2024-07-16 11:44:06
ubuntucve
ubuntucve
CVE-2022-48819
2024-07-16 00:00:00
cve
cve
CVE-2022-48819
2024-07-16 12:15:05
vulnrichment
vulnrichment
CVE-2022-48819 tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case
2024-07-16 11:44:06
osv
osv
CVE-2022-48819
2024-07-16 12:15:05