Lucene search
416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2022-48819HistoryJul 16, 2024 - 12:15 p.m.
CVE-2022-48819
2024-07-1612:15:05
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
2
linux kernel
vulnerability
cve-2022-48819
tcp socket
syzbot
sendmsg
sendpage
msg_zerocopy
inet_sock_destruct
sk_forward_alloc
tcp_downgrade_zcopy_pure
EPSS
0
Percentile
9.3%
In the Linux kernel, the following vulnerability has been resolved:
tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case
syzbot found that mixing sendpage() and sendmsg(MSG_ZEROCOPY)
calls over the same TCP socket would again trigger the
infamous warning in inet_sock_destruct()
WARN_ON(sk_forward_alloc_get(sk));
While Talal took into account a mix of regular copied data
and MSG_ZEROCOPY one in the same skb, the sendpage() path
has been forgotten.
We want the charging to happen for sendpage(), because
pages could be coming from a pipe. What is missing is the
downgrading of pure zerocopy status to make sure
sk_forward_alloc will stay synced.
Add tcp_downgrade_zcopy_pure() helper so that we can
use it from the two callers.
Related
redhatcve
redhatcve
CVE-2022-48819
2024-07-16 22:25:05
cvelist
cvelist
CVE-2022-48819 tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case
2024-07-16 11:44:06
ubuntucve
ubuntucve
CVE-2022-48819
2024-07-16 00:00:00
debiancve
debiancve
CVE-2022-48819
2024-07-16 12:15:05
cve
cve
CVE-2022-48819
2024-07-16 12:15:05
vulnrichment
vulnrichment
CVE-2022-48819 tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case
2024-07-16 11:44:06
osv
osv
CVE-2022-48819
2024-07-16 12:15:05