CVE-2022-48974

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: conntrack: fix using __this_cpu_add in preemptible<br /> <br /> Currently in nf_conntrack_hash_check_insert(), when it fails in<br /> nf_ct_ext_valid_pre/post(), NF_CT_STAT_INC() will be called in the<br /> preemptible context, a call trace can be triggered:<br /> <br /> BUG: using __this_cpu_add() in preemptible [00000000] code: conntrack/1636<br /> caller is nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x33/0x46<br /> check_preemption_disabled+0xc3/0xf0<br /> nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]<br /> ctnetlink_create_conntrack+0x3cd/0x4e0 [nf_conntrack_netlink]<br /> ctnetlink_new_conntrack+0x1c0/0x450 [nf_conntrack_netlink]<br /> nfnetlink_rcv_msg+0x277/0x2f0 [nfnetlink]<br /> netlink_rcv_skb+0x50/0x100<br /> nfnetlink_rcv+0x65/0x144 [nfnetlink]<br /> netlink_unicast+0x1ae/0x290<br /> netlink_sendmsg+0x257/0x4f0<br /> sock_sendmsg+0x5f/0x70<br /> <br /> This patch is to fix it by changing to use NF_CT_STAT_INC_ATOMIC() for<br /> nf_ct_ext_valid_pre/post() check in nf_conntrack_hash_check_insert(),<br /> as well as nf_ct_ext_valid_post() in __nf_conntrack_confirm().<br /> <br /> Note that nf_ct_ext_valid_pre() check in __nf_conntrack_confirm() is<br /> safe to use NF_CT_STAT_INC(), as it&amp;#39;s under local_bh_disable().