CVE-2022-48937

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48937
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48937.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48937
Related
Published
2024-08-22T04:15:17Z
Modified
2024-09-18T03:22:40.335062Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

iouring: add a schedule point in ioadd_buffers()

Looping ~65535 times doing kmalloc() calls can trigger soft lockups, especially with DEBUG features (like KASAN).

[ 253.536212] watchdog: BUG: soft lockup - CPU#64 stuck for 26s! [b219417889:12575] [ 253.544433] Modules linked in: vfat fat i2cmuxpca954x i2cmux spidev cdcacm xhcipci xhcihcd sha3generic gq(O) [ 253.544451] CPU: 64 PID: 12575 Comm: b219417889 Tainted: G S O 5.17.0-smp-DEV #801 [ 253.544457] RIP: 0010:kerneltextaddress (./include/asm-generic/sections.h:192 ./include/linux/kallsyms.h:29 kernel/extable.c:67 kernel/extable.c:98) [ 253.544464] Code: 0f 93 c0 48 c7 c1 e0 63 d7 a4 48 39 cb 0f 92 c1 20 c1 0f b6 c1 5b 5d c3 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 53 48 89 fb <48> c7 c0 00 00 80 a0 41 be 01 00 00 00 48 39 c7 72 0c 48 c7 c0 40 [ 253.544468] RSP: 0018:ffff8882d8baf4c0 EFLAGS: 00000246 [ 253.544471] RAX: 1ffff1105b175e00 RBX: ffffffffa13ef09a RCX: 00000000a13ef001 [ 253.544474] RDX: ffffffffa13ef09a RSI: ffff8882d8baf558 RDI: ffffffffa13ef09a [ 253.544476] RBP: ffff8882d8baf4d8 R08: ffff8882d8baf5e0 R09: 0000000000000004 [ 253.544479] R10: ffff8882d8baf5e8 R11: ffffffffa0d59a50 R12: ffff8882eab20380 [ 253.544481] R13: ffffffffa0d59a50 R14: dffffc0000000000 R15: 1ffff1105b175eb0 [ 253.544483] FS: 00000000016d3380(0000) GS:ffff88af48c00000(0000) knlGS:0000000000000000 [ 253.544486] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 253.544488] CR2: 00000000004af0f0 CR3: 00000002eabfa004 CR4: 00000000003706e0 [ 253.544491] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 253.544492] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 253.544494] Call Trace: [ 253.544496] <TASK> [ 253.544498] ? ioqueuesqe (fs/iouring.c:7143) [ 253.544505] kerneltextaddress (kernel/extable.c:78) [ 253.544508] unwindgetreturnaddress (arch/x86/kernel/unwindframe.c:19) [ 253.544514] archstackwalk (arch/x86/kernel/stacktrace.c:27) [ 253.544517] ? ioqueuesqe (fs/iouring.c:7143) [ 253.544521] stacktracesave (kernel/stacktrace.c:123) [ 253.544527] _kasankmalloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515) [ 253.544531] ? __kasankmalloc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515) [ 253.544533] ? _kasankmalloc (mm/kasan/common.c:524) [ 253.544535] ? kmemcachealloctrace (./include/linux/kasan.h:270 mm/slab.c:3567) [ 253.544541] ? ioissuesqe (fs/iouring.c:4556 fs/iouring.c:4589 fs/iouring.c:6828) [ 253.544544] ? _ioqueuesqe (fs/iouring.c:?) [ 253.544551] _kasankmalloc (mm/kasan/common.c:524) [ 253.544553] kmemcachealloctrace (./include/linux/kasan.h:270 mm/slab.c:3567) [ 253.544556] ? ioissuesqe (fs/iouring.c:4556 fs/iouring.c:4589 fs/iouring.c:6828) [ 253.544560] ioissuesqe (fs/iouring.c:4556 fs/iouring.c:4589 fs/iouring.c:6828) [ 253.544564] ? _kasanslaballoc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469) [ 253.544567] ? _kasanslaballoc (mm/kasan/common.c:39 mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469) [ 253.544569] ? kmemcacheallocbulk (mm/slab.h:732 mm/slab.c:3546) [ 253.544573] ? _ioallocreqrefill (fs/iouring.c:2078) [ 253.544578] ? iosubmitsqes (fs/iouring.c:7441) [ 253.544581] ? _sesysiouringenter (fs/iouring.c:10154 fs/iouring.c:10096) [ 253.544584] ? _x64sysiouringenter (fs/iouring.c:10096) [ 253.544587] ? dosyscall64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) [ 253.544590] ? entrySYSCALL64afterhwframe (??:?) [ 253.544596] _ioqueuesqe (fs/iouring.c:?) [ 253.544600] ioqueuesqe (fs/iouring.c:7143) [ 253.544603] iosubmitsqe (fs/iouring.c:?) [ 253.544608] iosubmitsqes (fs/iouring.c:?) [ 253.544612] _sesysiouringenter (fs/iouring.c:10154 fs/io_uri ---truncated---

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.103-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}