CVE-2022-48931

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48931
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48931.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48931
Downstream
Related
Published
2024-08-22T04:15:16Z
Modified
2025-08-09T19:01:27Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

configfs: fix a race in configfs{,un}registersubsystem()

When configfsregistersubsystem() or configfsunregistersubsystem() is executing linkgroup() or unlinkgroup(), it is possible that two processes add or delete list concurrently. Some unfortunate interleavings of them can cause kernel panic.

One of cases is: A --> B --> C --> D A <-- B <-- C <-- D

 delete list_head *B        |      delete list_head *C

--------------------------------|----------------------------------- configfsunregistersubsystem | configfsunregistersubsystem unlinkgroup | unlinkgroup unlinkobj | unlinkobj listdelinit | listdelinit _listdelentry | _listdelentry _listdel | _listdel // next == C | next->prev = prev | | next->prev = prev prev->next = next | | // prev == B | prev->next = next

Fix this by adding mutex when calling linkgroup() or unlinkgroup(), but parent configfssubsystem is NULL when configitem is root. So I create a mutex configfssubsystemmutex.

References

Affected packages