CVE-2022-48974
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/10/2024
Last modified: 25/10/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: fix using __this_cpu_add in preemptible

Currently in nf_conntrack_hash_check_insert(), when it fails in
nf_ct_ext_valid_pre/post(), NF_CT_STAT_INC() will be called in the
preemptible context, a call trace can be triggered:

  BUG: using __this_cpu_add() in preemptible [00000000] code: conntrack/1636
  caller is nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]
  Call Trace:
   dump_stack_lvl+0x33/0x46
   check_preemption_disabled+0xc3/0xf0
   nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]
   ctnetlink_create_conntrack+0x3cd/0x4e0 [nf_conntrack_netlink]
   ctnetlink_new_conntrack+0x1c0/0x450 [nf_conntrack_netlink]
   nfnetlink_rcv_msg+0x277/0x2f0 [nfnetlink]
   netlink_rcv_skb+0x50/0x100
   nfnetlink_rcv+0x65/0x144 [nfnetlink]
   netlink_unicast+0x1ae/0x290
   netlink_sendmsg+0x257/0x4f0
   sock_sendmsg+0x5f/0x70

This patch is to fix it by changing to use NF_CT_STAT_INC_ATOMIC() for
nf_ct_ext_valid_pre/post() check in nf_conntrack_hash_check_insert(),
as well as nf_ct_ext_valid_post() in __nf_conntrack_confirm().

Note that nf_ct_ext_valid_pre() check in __nf_conntrack_confirm() is
safe to use NF_CT_STAT_INC(), as it's under local_bh_disable().
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.19 (including) | 6.0.13 (excluding) |
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page
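
Triage example added here (not code from this record or from the kernel project): it checks an upstream kernel release string against the version ranges in the table above and scans kernel log lines for the splat quoted in the description. The function names and the sample log timestamps are constructed for illustration, and the version check assumes mainline/stable numbering, so distribution kernels that backport fixes are not covered by it.

```python
import re

# Message format taken from the trace quoted in the description.
SPLAT = re.compile(r"BUG: using __this_cpu_add\(\) in preemptible \[\w+\] "
                   r"code: (?P<task>\S+)/(?P<pid>\d+)")
CALLER = re.compile(r"caller is (?P<sym>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
RELEASE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")
# Functions the description names as touched by the fix.
CVE_CALLERS = {"nf_conntrack_hash_check_insert", "__nf_conntrack_confirm"}

# Constructed sample: timestamps are invented, message text is from the page.
SAMPLE_LOG = [
    "[  812.104511] BUG: using __this_cpu_add() in preemptible [00000000] code: conntrack/1636",
    "[  812.104519] caller is nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]",
    "[  812.104530] Call Trace:",
    "[  812.104534]  dump_stack_lvl+0x33/0x46",
]


def in_affected_range(release):
    """True if an upstream release string falls in the CPE ranges listed above."""
    m = RELEASE.match(release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = (int(g) if g else None for g in m.groups())
    if rc is not None:
        # The only pre-releases listed are 6.1-rc1 through 6.1-rc8.
        return (major, minor) == (6, 1) and 1 <= rc <= 8
    # 5.19 (including) up to 6.0.13 (excluding).
    return (5, 19, 0) <= (major, minor, patch or 0) < (6, 0, 13)


def find_splats(log_lines):
    """Return one dict per splat; 'caller' is None when the next line has no caller."""
    hits = []
    for i, line in enumerate(log_lines):
        m = SPLAT.search(line)
        if not m:
            continue
        c = CALLER.search(log_lines[i + 1]) if i + 1 < len(log_lines) else None
        caller = c.group("sym") if c else None
        # The same BUG text is printed for any per-CPU misuse, so check the caller.
        hits.append({"task": m.group("task"), "pid": int(m.group("pid")),
                     "caller": caller, "matches_cve": caller in CVE_CALLERS})
    return hits


if __name__ == "__main__":
    print(find_splats(SAMPLE_LOG), in_affected_range("6.0.12"))
```

The splat is emitted only on kernels built with CONFIG_DEBUG_PREEMPT, so its absence from a log says nothing about whether the fix is present.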