CVE-2022-48699

Kuyo reports that the pattern of using debugfsremove(debugfslookup()) leaks a dentry and with a hotplug stress test, the machine eventually runs out of memory.

Fix this up by using the newly created debugfslookupand_remove() call instead which properly handles the dentry reference counting logic.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3b87f136f8fccddf7da016ab7d04bb3cf9b180f0

Fixed

26e9a1ded8923510e5529fbb28390b22228700c2

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3b87f136f8fccddf7da016ab7d04bb3cf9b180f0

Fixed

0c32a93963e03c03e561d5a066eedad211880ba3

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3b87f136f8fccddf7da016ab7d04bb3cf9b180f0

Fixed

c2e406596571659451f4b95e37ddfd5a8ef1d0dc

Affected versions

v5.*

v5.12

v5.12-rc3

v5.12-rc4

v5.12-rc5

v5.12-rc6

v5.12-rc7

v5.12-rc8

v5.13

v5.13-rc1

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.46

v5.15.47

v5.15.48

v5.15.49

v5.15.5

v5.15.50

v5.15.51

v5.15.52

v5.15.53

v5.15.54

v5.15.55

v5.15.56

v5.15.57

v5.15.58

v5.15.59

v5.15.6

v5.15.60

v5.15.61

v5.15.62

v5.15.63

v5.15.64

v5.15.65

v5.15.66

v5.15.67

v5.15.7

v5.15.8

v5.15.9

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v5.19.1

v5.19.2

v5.19.3

v5.19.4

v5.19.5

v5.19.6

v5.19.7

v5.19.8

v6.*

v6.0-rc1

v6.0-rc2

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@26e9a1ded8923510e5529fbb28390b22228700c2",
        "target": {
            "file": "kernel/sched/debug.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-48699-20543b9f",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "335682554519038736777805701924133760336",
                "218003420231430538189937597886040161107",
                "178672094163537652111454269795082152830",
                "244770854602130643603617068023913217466"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c32a93963e03c03e561d5a066eedad211880ba3",
        "target": {
            "file": "kernel/sched/debug.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-48699-28c48a66",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "335682554519038736777805701924133760336",
                "218003420231430538189937597886040161107",
                "178672094163537652111454269795082152830",
                "244770854602130643603617068023913217466"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c2e406596571659451f4b95e37ddfd5a8ef1d0dc",
        "target": {
            "file": "kernel/sched/debug.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-48699-2a54935e",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "335682554519038736777805701924133760336",
                "218003420231430538189937597886040161107",
                "178672094163537652111454269795082152830",
                "244770854602130643603617068023913217466"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c32a93963e03c03e561d5a066eedad211880ba3",
        "target": {
            "function": "update_sched_domain_debugfs",
            "file": "kernel/sched/debug.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-48699-3615ff7f",
        "signature_type": "Function",
        "digest": {
            "length": 738.0,
            "function_hash": "180332699981170611208714434687332266618"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@26e9a1ded8923510e5529fbb28390b22228700c2",
        "target": {
            "function": "update_sched_domain_debugfs",
            "file": "kernel/sched/debug.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-48699-4d4b1617",
        "signature_type": "Function",
        "digest": {
            "length": 738.0,
            "function_hash": "180332699981170611208714434687332266618"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c2e406596571659451f4b95e37ddfd5a8ef1d0dc",
        "target": {
            "function": "update_sched_domain_debugfs",
            "file": "kernel/sched/debug.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-48699-653a0237",
        "signature_type": "Function",
        "digest": {
            "length": 738.0,
            "function_hash": "180332699981170611208714434687332266618"
        }
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.13.0

Fixed

5.15.68

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.19.9