CVE-2022-48989

Severity CVSS v4.0: Pending analysis
Type: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date: 21/10/2024
Last modified: 25/10/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

fscache: Fix oops due to race with cookie_lru and use_cookie

If a cookie expires from the LRU and the LRU_DISCARD flag is set, but the state machine has not run yet, it's possible another thread can call fscache_use_cookie and begin to use it.

When the cookie_worker finally runs, it will see the LRU_DISCARD flag set, transition the cookie->state to LRU_DISCARDING, which will then withdraw the cookie. Once the cookie is withdrawn, the object is removed and the below oops will occur because the object associated with the cookie is now NULL.

Fix the oops by clearing the LRU_DISCARD bit if another thread uses the cookie before the cookie_worker runs.

BUG: kernel NULL pointer dereference, address: 0000000000000008
...
CPU: 31 PID: 44773 Comm: kworker/u130:1 Tainted: G E 6.0.0-5.dneg.x86_64 #1
Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Workqueue: events_unbound netfs_rreq_write_to_cache_work [netfs]
RIP: 0010:cachefiles_prepare_write+0x28/0x90 [cachefiles]
...
Call Trace:
netfs_rreq_write_to_cache_work+0x11c/0x320 [netfs]
process_one_work+0x217/0x3e0
worker_thread+0x4a/0x3b0
kthread+0xd6/0x100
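The interleaving described above (LRU expiry, then a new user, then the deferred worker), replayed deterministically in a single-threaded userspace C model. This is an added example, not the kernel patch or code from the advisory; `struct cookie`, `lru_expire`, `use_cookie`, `cookie_worker` and `replay` are hypothetical names that only mirror the description.

```c
/* Userspace model only: names are hypothetical, this is not kernel code. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define LRU_DISCARD 0x1u              /* models the LRU_DISCARD flag */
enum state { ACTIVE, LRU_DISCARDING };

struct cookie {
    atomic_uint flags;
    enum state state;
    int n_users;                      /* threads currently using the cookie */
    int backing;                      /* stands in for the cache object */
    int *object;                      /* NULL once the cookie is withdrawn */
};

/* LRU expiry only marks the cookie; the worker acts on the mark later. */
static void lru_expire(struct cookie *c) { atomic_fetch_or(&c->flags, LRU_DISCARD); }

/* A thread begins using the cookie; the fix cancels a pending discard. */
static void use_cookie(struct cookie *c, bool fixed)
{
    c->n_users++;
    if (fixed)
        atomic_fetch_and(&c->flags, ~LRU_DISCARD);
}

/* Deferred worker: sees the flag as it stands when it finally runs. */
static void cookie_worker(struct cookie *c)
{
    if (atomic_fetch_and(&c->flags, ~LRU_DISCARD) & LRU_DISCARD) {
        c->state = LRU_DISCARDING;
        c->object = NULL;             /* withdrawal removes the object */
    }
}

/* Replay expire -> use -> worker; true if a user is left with no object. */
static bool replay(bool fixed)
{
    struct cookie c = { .state = ACTIVE };
    c.object = &c.backing;
    lru_expire(&c);
    use_cookie(&c, fixed);
    cookie_worker(&c);
    return c.n_users > 0 && c.object == NULL;
}

int main(void) { printf("unfixed=%d fixed=%d\n", replay(false), replay(true)); return 0; }
```

In the unfixed replay the worker withdraws a cookie that already has a user, which is the state that leads to the NULL dereference in the trace; with the flag cleared on use, the worker finds nothing to discard.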

Vulnerable products and versions

| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.17 (including) | 6.0.13 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:* | | |