CVE-2022-48976
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48976
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48976.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-48976
- Related
- Published
- 2024-10-21T20:15:09Z
- Modified
- 2024-10-25T18:47:40Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netfilter: flowtableoffload: fix using _thiscpuadd in preemptible
flowoffloadqueuework() can be called in workqueue without bh disabled, like the call trace showed in my actct testing, calling NFFLOWTABLESTATINC() there would cause a call trace:
BUG: using _thiscpuadd() in preemptible [00000000] code: kworker/u4:0/138560 caller is flowoffloadqueuework+0xec/0x1b0 [nfflowtable] Workqueue: actctworkqueue tcfctflowtablecleanupwork [actct] Call Trace: <TASK> dumpstacklvl+0x33/0x46 checkpreemptiondisabled+0xc3/0xf0 flowoffloadqueuework+0xec/0x1b0 [nfflowtable] nfflowtableiterate+0x138/0x170 [nfflowtable] nfflowtablefree+0x140/0x1a0 [nfflowtable] tcfctflowtablecleanupwork+0x2f/0x2b0 [actct] processonework+0x6a3/0x1030 workerthread+0x8a/0xdf0
This patch fixes it by using NFFLOWTABLESTATINCATOMIC() instead in flowoffloadqueuework().
Note that for FLOWCLSREPLACE branch in flowoffloadqueuework(), it may not be called in preemptible path, but it's good to use NFFLOWTABLESTATINCATOMIC() for all cases in flowoffloadqueue_work().
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source