CVE-2022-48671

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48671
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48671.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48671
Downstream
Related
Published
2024-05-03T14:50:23.558Z
Modified
2025-11-19T12:38:39.670837Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
Details

In the Linux kernel, the following vulnerability has been resolved:

cgroup: Add missing cpusreadlock() to cgroupattachtask_all()

syzbot is hitting percpurwsemassertheld(&cpuhotpluglock) warning at cpusetattach() [1], for commit 4f7e7236435ca0ab ("cgroup: Fix threadgrouprwsem <-> cpusreadlock() deadlock") missed that cpusetattach() is also called from cgroupattachtaskall(). Add cpusreadlock() like what cgroupprocswritestart() does.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e446300968c6bd25d9cd6c33b9600780a39b3975
Fixed
321488cfac7d0eb6d97de467015ff754f85813ff
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
59c6902a96b4439e07c25ef86a4593bea5481c3b
Fixed
07191f984842d50020789ff14c75da436a7f46a9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
dee1e2b18cf5426eed985512ccc6636ec69dbdd6
Fixed
9f267393b036f1470fb12fb892d59e7ff8aeb58d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3bf4bf54069f9b62a54988e5d085023c17a66c90
Fixed
5db17805b6ba4c34dab303f49aea3562fc25af75
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c0deb027c99c099aa6b831e326bfba802b25e774
Fixed
99bc25748e394d17f9e8b10cc7f273b8e64c1c7e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4f7e7236435ca0abe005c674ebd6892c6e83aeb3
Fixed
43626dade36fa74d3329046f4ae2d7fdefe401c6

Affected versions

v5.*

v5.10.143
v5.10.144
v5.15.68
v5.15.69
v5.19.10
v5.19.9
v5.4.213
v5.4.214

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "kernel/cgroup/cgroup-v1.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "303188937433754210024151070993501779506",
                "305248952126220394430862485589678416269",
                "323373086524899501686940646732207213329",
                "94951747250617309421363145818797619955",
                "270775309127768204922062638478545043809",
                "138476793633101490292668424369299526043",
                "248991778604469373638484093563749915013",
                "327676054232727696654136748738821693674"
            ]
        },
        "id": "CVE-2022-48671-0b843778",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5db17805b6ba4c34dab303f49aea3562fc25af75",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "kernel/cgroup/cgroup-v1.c",
            "function": "cgroup_attach_task_all"
        },
        "digest": {
            "length": 473.0,
            "function_hash": "252306520383445713572297765986971473674"
        },
        "id": "CVE-2022-48671-14bc4650",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07191f984842d50020789ff14c75da436a7f46a9",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "kernel/cgroup/cgroup-v1.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "213698636076369787076791046692652463305",
                "321926629874068492231064346277474239510",
                "201645042691896314168532212757343533019",
                "203738293534595238481059997069581929092",
                "303188937433754210024151070993501779506",
                "305248952126220394430862485589678416269",
                "323373086524899501686940646732207213329",
                "94951747250617309421363145818797619955",
                "270775309127768204922062638478545043809",
                "138476793633101490292668424369299526043",
                "248991778604469373638484093563749915013",
                "327676054232727696654136748738821693674"
            ]
        },
        "id": "CVE-2022-48671-2fd5fd5d",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@321488cfac7d0eb6d97de467015ff754f85813ff",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "kernel/cgroup/cgroup-v1.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "193320947375582635182915660876871988819",
                "326031395324114160085472470560318800070",
                "278555958353952075218691584845307926586",
                "251125244901559151536804692505418683760",
                "303188937433754210024151070993501779506",
                "305248952126220394430862485589678416269",
                "323373086524899501686940646732207213329",
                "94951747250617309421363145818797619955",
                "270775309127768204922062638478545043809",
                "138476793633101490292668424369299526043",
                "248991778604469373638484093563749915013",
                "327676054232727696654136748738821693674"
            ]
        },
        "id": "CVE-2022-48671-2fe65985",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07191f984842d50020789ff14c75da436a7f46a9",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "kernel/cgroup/cgroup-v1.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "303188937433754210024151070993501779506",
                "305248952126220394430862485589678416269",
                "323373086524899501686940646732207213329",
                "94951747250617309421363145818797619955",
                "270775309127768204922062638478545043809",
                "138476793633101490292668424369299526043",
                "248991778604469373638484093563749915013",
                "327676054232727696654136748738821693674"
            ]
        },
        "id": "CVE-2022-48671-345de14d",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@99bc25748e394d17f9e8b10cc7f273b8e64c1c7e",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "kernel/cgroup/cgroup-v1.c",
            "function": "cgroup_attach_task_all"
        },
        "digest": {
            "length": 432.0,
            "function_hash": "217813135555359274763240775230482787542"
        },
        "id": "CVE-2022-48671-7dd36695",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@99bc25748e394d17f9e8b10cc7f273b8e64c1c7e",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "kernel/cgroup/cgroup-v1.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "303188937433754210024151070993501779506",
                "305248952126220394430862485589678416269",
                "323373086524899501686940646732207213329",
                "94951747250617309421363145818797619955",
                "270775309127768204922062638478545043809",
                "138476793633101490292668424369299526043",
                "248991778604469373638484093563749915013",
                "327676054232727696654136748738821693674"
            ]
        },
        "id": "CVE-2022-48671-82aa6db8",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@43626dade36fa74d3329046f4ae2d7fdefe401c6",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "kernel/cgroup/cgroup-v1.c",
            "function": "cgroup_attach_task_all"
        },
        "digest": {
            "length": 432.0,
            "function_hash": "217813135555359274763240775230482787542"
        },
        "id": "CVE-2022-48671-c63a15ed",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@43626dade36fa74d3329046f4ae2d7fdefe401c6",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "kernel/cgroup/cgroup-v1.c",
            "function": "cgroup_attach_task_all"
        },
        "digest": {
            "length": 473.0,
            "function_hash": "252306520383445713572297765986971473674"
        },
        "id": "CVE-2022-48671-ca23afe5",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f267393b036f1470fb12fb892d59e7ff8aeb58d",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "kernel/cgroup/cgroup-v1.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "303188937433754210024151070993501779506",
                "305248952126220394430862485589678416269",
                "323373086524899501686940646732207213329",
                "94951747250617309421363145818797619955",
                "270775309127768204922062638478545043809",
                "138476793633101490292668424369299526043",
                "248991778604469373638484093563749915013",
                "327676054232727696654136748738821693674"
            ]
        },
        "id": "CVE-2022-48671-eb3260b5",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f267393b036f1470fb12fb892d59e7ff8aeb58d",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "kernel/cgroup/cgroup-v1.c",
            "function": "cgroup_attach_task_all"
        },
        "digest": {
            "length": 473.0,
            "function_hash": "252306520383445713572297765986971473674"
        },
        "id": "CVE-2022-48671-f7b083bc",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@321488cfac7d0eb6d97de467015ff754f85813ff",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "kernel/cgroup/cgroup-v1.c",
            "function": "cgroup_attach_task_all"
        },
        "digest": {
            "length": 473.0,
            "function_hash": "252306520383445713572297765986971473674"
        },
        "id": "CVE-2022-48671-fa28ed33",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5db17805b6ba4c34dab303f49aea3562fc25af75",
        "signature_version": "v1"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.4.213
Fixed
5.4.215
Type
ECOSYSTEM
Events
Introduced
5.10.143
Fixed
5.10.145
Type
ECOSYSTEM
Events
Introduced
5.15.68
Fixed
5.15.70
Type
ECOSYSTEM
Events
Introduced
5.19.9
Fixed
5.19.11