In the Linux kernel, the following vulnerability has been resolved:
net/smc: Transitional solution for clcsock race issue
We encountered a crash in smc_setsockopt() and it is caused by accessing smc->clcsock after clcsock was released.
BUG: kernel NULL pointer dereference, address: 0000000000000020
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 50309 Comm: nginx Kdump: loaded Tainted: G E 5.16.0-rc4+ #53
RIP: 0010:smc_setsockopt+0x59/0x280 [smc]
Call Trace:
 <TASK>
 __sys_setsockopt+0xfc/0x190
 __x64_sys_setsockopt+0x20/0x30
 do_syscall_64+0x34/0x90
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f16ba83918e
 </TASK>
This patch tries to fix it by holding clcsock_release_lock and checking whether clcsock has already been released before accessing it.
To guard against a crash with the same cause in smc_getsockopt() or smc_switch_to_fallback(), this patch also checks smc->clcsock in those functions. The caller of smc_switch_to_fallback() determines whether the fallback succeeded from its return value.
{ "vanir_signatures": [ { "digest": { "length": 760.0, "function_hash": "176529059698863738784110361992760289344" }, "target": { "function": "smc_switch_to_fallback", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4284225cd8001e134f5cf533a7cd244bbb654d0f", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-2242cca9" }, { "digest": { "length": 346.0, "function_hash": "61764039611568960826707959551749087743" }, "target": { "function": "smc_listen_decline", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-2c497fc0" }, { "digest": { "length": 735.0, "function_hash": "46434111657464290749517226094054814105" }, "target": { "function": "smc_sendmsg", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38f0bdd548fd2ef5d481b88d8a2bfef968452e34", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-319885ec" }, { "digest": { "length": 326.0, "function_hash": "82859290784578439977902643652880679501" }, "target": { "function": "smc_getsockopt", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-35aa8d0e" }, { "digest": { "length": 2227.0, "function_hash": "94920607754698961128749794132526641851" }, "target": { "function": "smc_listen_work", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760", "deprecated": false, "signature_version": "v1", "id": 
"CVE-2022-48751-464eec1f" }, { "digest": { "length": 326.0, "function_hash": "82859290784578439977902643652880679501" }, "target": { "function": "smc_getsockopt", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4284225cd8001e134f5cf533a7cd244bbb654d0f", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-4d8690d4" }, { "digest": { "length": 346.0, "function_hash": "61764039611568960826707959551749087743" }, "target": { "function": "smc_listen_decline", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38f0bdd548fd2ef5d481b88d8a2bfef968452e34", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-63d60dac" }, { "digest": { "line_hashes": [ "192563928992493983620318000574099160371", "118179088515436610261198644649126768143", "134310356666917661126750084845877378662", "266936928344508005814768614622250355953", "286987370964424715411965644470105956166", "60899223267525395299896733617775992366", "103870871274533887260827891443502315245", "118600399218711625859271313622405647423", "32554742377072699379705600088843829629", "324321769112900344450437947069236809081", "327105578729895059186970958274107305491", "218583865655103153931524240611675062538", "86534666796092484425589760190387384874", "262009506819589361139570435766041757349", "188639503380416522984068745830830421243", "286100416735660764475818576168542069545", "100561233244398681005464474764814306138", "248939019537348664828759304932114785610", "142382500349100211674439016761656995692", "19876163864235633019414920873607016176", "162224729468175510292697112787085992988", "111673098193904179411565763610189488839", "169347497666147440362825934635647226847", "96631211177127400081884029514235628130", "34597096380833619533241268799205600373", "323412150029472822365206252246468117111", 
"137688713968455198747785655986865059191", "122109792651556922736522049031845336092", "77359744238985485458946118527567805794", "265107223526324013035258470687174099018", "256086162195492813235322480056892788036", "21406166557086903545903321181851906527", "268270485062837815994954610607446153685", "20287872780600734005808554410587830881", "270028993812613982733732126752783671033", "283620096214408470266400091564538370614", "53635617630757765792768157551137178389", "177159547054682782821905853611587034090", "247203652406957680043457025232294534166", "322183698954841059191830004578020913193", "302645934101549904518773222553771836576", "153821710152200353916060748622169071506", "62887451349098897223184914954963124698", "107028734883103019014384882029167851642", "178939982361174076808164477555017129026", "330550119991316500046889185631998853856", "98922022669988218470316658223676223547", "53635617630757765792768157551137178389", "144530997606573101581519617427521432549", "11422614699577497072696890118682414730", "255787207843891666993840792136489534313", "332787432468282957218063263169872465523", "94378833692787383388794146891953193004", "153353473941470817935753135186186333041", "334346809745556168967898920304803980643", "311000639134616216731815904050599382785", "107059525562025357238981369400827227206", "169644400472450643065133077640695628249" ], "threshold": 0.9 }, "target": { "file": "net/smc/af_smc.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-6b26c72f" }, { "digest": { "length": 2184.0, "function_hash": "71637284473366873776435650950635703401" }, "target": { "function": "smc_listen_work", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38f0bdd548fd2ef5d481b88d8a2bfef968452e34", "deprecated": false, 
"signature_version": "v1", "id": "CVE-2022-48751-7300e779" }, { "digest": { "length": 731.0, "function_hash": "114970279589952320439281438488744372682" }, "target": { "function": "smc_switch_to_fallback", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38f0bdd548fd2ef5d481b88d8a2bfef968452e34", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-81ce3b33" }, { "digest": { "length": 326.0, "function_hash": "82859290784578439977902643652880679501" }, "target": { "function": "smc_getsockopt", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38f0bdd548fd2ef5d481b88d8a2bfef968452e34", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-87a1db13" }, { "digest": { "length": 1626.0, "function_hash": "123317219153121674403778692745781722625" }, "target": { "function": "smc_setsockopt", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-9a9fbc3d" }, { "digest": { "length": 230.0, "function_hash": "189737973149870500545246728300152399548" }, "target": { "function": "smc_connect_fallback", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4284225cd8001e134f5cf533a7cd244bbb654d0f", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-9f088a36" }, { "digest": { "length": 735.0, "function_hash": "46434111657464290749517226094054814105" }, "target": { "function": "smc_sendmsg", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4284225cd8001e134f5cf533a7cd244bbb654d0f", "deprecated": false, 
"signature_version": "v1", "id": "CVE-2022-48751-a2f2eee8" }, { "digest": { "length": 735.0, "function_hash": "46434111657464290749517226094054814105" }, "target": { "function": "smc_sendmsg", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-ad6ef04c" }, { "digest": { "length": 230.0, "function_hash": "189737973149870500545246728300152399548" }, "target": { "function": "smc_connect_fallback", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-ae37ebe6" }, { "digest": { "line_hashes": [ "192563928992493983620318000574099160371", "118179088515436610261198644649126768143", "134310356666917661126750084845877378662", "266936928344508005814768614622250355953", "286987370964424715411965644470105956166", "60899223267525395299896733617775992366", "103870871274533887260827891443502315245", "118600399218711625859271313622405647423", "32554742377072699379705600088843829629", "324321769112900344450437947069236809081", "327105578729895059186970958274107305491", "218583865655103153931524240611675062538", "86534666796092484425589760190387384874", "262009506819589361139570435766041757349", "188639503380416522984068745830830421243", "286100416735660764475818576168542069545", "100561233244398681005464474764814306138", "248939019537348664828759304932114785610", "142382500349100211674439016761656995692", "19876163864235633019414920873607016176", "162224729468175510292697112787085992988", "111673098193904179411565763610189488839", "169347497666147440362825934635647226847", "96631211177127400081884029514235628130", "34597096380833619533241268799205600373", 
"323412150029472822365206252246468117111", "137688713968455198747785655986865059191", "122109792651556922736522049031845336092", "77359744238985485458946118527567805794", "265107223526324013035258470687174099018", "256086162195492813235322480056892788036", "21406166557086903545903321181851906527", "268270485062837815994954610607446153685", "20287872780600734005808554410587830881", "270028993812613982733732126752783671033", "283620096214408470266400091564538370614", "53635617630757765792768157551137178389", "177159547054682782821905853611587034090", "247203652406957680043457025232294534166", "322183698954841059191830004578020913193", "302645934101549904518773222553771836576", "153821710152200353916060748622169071506", "62887451349098897223184914954963124698", "107028734883103019014384882029167851642", "178939982361174076808164477555017129026", "330550119991316500046889185631998853856", "98922022669988218470316658223676223547", "53635617630757765792768157551137178389", "144530997606573101581519617427521432549", "11422614699577497072696890118682414730", "255787207843891666993840792136489534313", "332787432468282957218063263169872465523", "94378833692787383388794146891953193004", "153353473941470817935753135186186333041", "334346809745556168967898920304803980643", "311000639134616216731815904050599382785", "107059525562025357238981369400827227206", "169644400472450643065133077640695628249" ], "threshold": 0.9 }, "target": { "file": "net/smc/af_smc.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38f0bdd548fd2ef5d481b88d8a2bfef968452e34", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-b11ced2b" }, { "digest": { "length": 346.0, "function_hash": "61764039611568960826707959551749087743" }, "target": { "function": "smc_listen_decline", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": 
"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4284225cd8001e134f5cf533a7cd244bbb654d0f", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-b4c18c63" }, { "digest": { "length": 1626.0, "function_hash": "123317219153121674403778692745781722625" }, "target": { "function": "smc_setsockopt", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4284225cd8001e134f5cf533a7cd244bbb654d0f", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-b9794898" }, { "digest": { "length": 230.0, "function_hash": "189737973149870500545246728300152399548" }, "target": { "function": "smc_connect_fallback", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38f0bdd548fd2ef5d481b88d8a2bfef968452e34", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-cea2d5ad" }, { "digest": { "length": 760.0, "function_hash": "176529059698863738784110361992760289344" }, "target": { "function": "smc_switch_to_fallback", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-df6f72b3" }, { "digest": { "line_hashes": [ "192563928992493983620318000574099160371", "118179088515436610261198644649126768143", "134310356666917661126750084845877378662", "266936928344508005814768614622250355953", "286987370964424715411965644470105956166", "60899223267525395299896733617775992366", "103870871274533887260827891443502315245", "118600399218711625859271313622405647423", "32554742377072699379705600088843829629", "324321769112900344450437947069236809081", "327105578729895059186970958274107305491", "218583865655103153931524240611675062538", "86534666796092484425589760190387384874", 
"262009506819589361139570435766041757349", "188639503380416522984068745830830421243", "286100416735660764475818576168542069545", "100561233244398681005464474764814306138", "248939019537348664828759304932114785610", "142382500349100211674439016761656995692", "19876163864235633019414920873607016176", "162224729468175510292697112787085992988", "111673098193904179411565763610189488839", "169347497666147440362825934635647226847", "96631211177127400081884029514235628130", "34597096380833619533241268799205600373", "323412150029472822365206252246468117111", "137688713968455198747785655986865059191", "122109792651556922736522049031845336092", "77359744238985485458946118527567805794", "265107223526324013035258470687174099018", "256086162195492813235322480056892788036", "21406166557086903545903321181851906527", "268270485062837815994954610607446153685", "20287872780600734005808554410587830881", "270028993812613982733732126752783671033", "283620096214408470266400091564538370614", "53635617630757765792768157551137178389", "177159547054682782821905853611587034090", "247203652406957680043457025232294534166", "322183698954841059191830004578020913193", "302645934101549904518773222553771836576", "153821710152200353916060748622169071506", "62887451349098897223184914954963124698", "107028734883103019014384882029167851642", "178939982361174076808164477555017129026", "330550119991316500046889185631998853856", "98922022669988218470316658223676223547", "53635617630757765792768157551137178389", "144530997606573101581519617427521432549", "11422614699577497072696890118682414730", "255787207843891666993840792136489534313", "332787432468282957218063263169872465523", "94378833692787383388794146891953193004", "153353473941470817935753135186186333041", "334346809745556168967898920304803980643", "311000639134616216731815904050599382785", "107059525562025357238981369400827227206", "169644400472450643065133077640695628249" ], "threshold": 0.9 }, "target": { "file": "net/smc/af_smc.c" }, 
"signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4284225cd8001e134f5cf533a7cd244bbb654d0f", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-e5aeea21" }, { "digest": { "length": 1626.0, "function_hash": "123317219153121674403778692745781722625" }, "target": { "function": "smc_setsockopt", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38f0bdd548fd2ef5d481b88d8a2bfef968452e34", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-f4d1806a" }, { "digest": { "length": 2227.0, "function_hash": "94920607754698961128749794132526641851" }, "target": { "function": "smc_listen_work", "file": "net/smc/af_smc.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4284225cd8001e134f5cf533a7cd244bbb654d0f", "deprecated": false, "signature_version": "v1", "id": "CVE-2022-48751-fcc0a44c" } ] }