Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-48903

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/08/2024
Last modified:
12/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: fix relocation crash due to premature return from btrfs_commit_transaction()<br /> <br /> We are seeing crashes similar to the following trace:<br /> <br /> [38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 btrfs_relocate_block_group+0x2dc/0x340 [btrfs]<br /> [38.973556] CPU: 20 PID: 2105 Comm: btrfs Not tainted 5.17.0-rc4 #54<br /> [38.974580] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014<br /> [38.976539] RIP: 0010:btrfs_relocate_block_group+0x2dc/0x340 [btrfs]<br /> [38.980336] RSP: 0000:ffffb0dd42e03c20 EFLAGS: 00010206<br /> [38.981218] RAX: ffff96cfc4ede800 RBX: ffff96cfc3ce0000 RCX: 000000000002ca14<br /> [38.982560] RDX: 0000000000000000 RSI: 4cfd109a0bcb5d7f RDI: ffff96cfc3ce0360<br /> [38.983619] RBP: ffff96cfc309c000 R08: 0000000000000000 R09: 0000000000000000<br /> [38.984678] R10: ffff96cec0000001 R11: ffffe84c80000000 R12: ffff96cfc4ede800<br /> [38.985735] R13: 0000000000000000 R14: 0000000000000000 R15: ffff96cfc3ce0360<br /> [38.987146] FS: 00007f11c15218c0(0000) GS:ffff96d6dfb00000(0000) knlGS:0000000000000000<br /> [38.988662] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [38.989398] CR2: 00007ffc922c8e60 CR3: 00000001147a6001 CR4: 0000000000370ee0<br /> [38.990279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> [38.991219] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> [38.992528] Call Trace:<br /> [38.992854] <br /> [38.993148] btrfs_relocate_chunk+0x27/0xe0 [btrfs]<br /> [38.993941] btrfs_balance+0x78e/0xea0 [btrfs]<br /> [38.994801] ? vsnprintf+0x33c/0x520<br /> [38.995368] ? __kmalloc_track_caller+0x351/0x440<br /> [38.996198] btrfs_ioctl_balance+0x2b9/0x3a0 [btrfs]<br /> [38.997084] btrfs_ioctl+0x11b0/0x2da0 [btrfs]<br /> [38.997867] ? mod_objcg_state+0xee/0x340<br /> [38.998552] ? seq_release+0x24/0x30<br /> [38.999184] ? proc_nr_files+0x30/0x30<br /> [38.999654] ? call_rcu+0xc8/0x2f0<br /> [39.000228] ? __x64_sys_ioctl+0x84/0xc0<br /> [39.000872] ? btrfs_ioctl_get_supported_features+0x30/0x30 [btrfs]<br /> [39.001973] __x64_sys_ioctl+0x84/0xc0<br /> [39.002566] do_syscall_64+0x3a/0x80<br /> [39.003011] entry_SYSCALL_64_after_hwframe+0x44/0xae<br /> [39.003735] RIP: 0033:0x7f11c166959b<br /> [39.007324] RSP: 002b:00007fff2543e998 EFLAGS: 00000246 ORIG_RAX: 0000000000000010<br /> [39.008521] RAX: ffffffffffffffda RBX: 00007f11c1521698 RCX: 00007f11c166959b<br /> [39.009833] RDX: 00007fff2543ea40 RSI: 00000000c4009420 RDI: 0000000000000003<br /> [39.011270] RBP: 0000000000000003 R08: 0000000000000013 R09: 00007f11c16f94e0<br /> [39.012581] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff25440df3<br /> [39.014046] R13: 0000000000000000 R14: 00007fff2543ea40 R15: 0000000000000001<br /> [39.015040] <br /> [39.015418] ---[ end trace 0000000000000000 ]---<br /> [43.131559] ------------[ cut here ]------------<br /> [43.132234] kernel BUG at fs/btrfs/extent-tree.c:2717!<br /> [43.133031] invalid opcode: 0000 [#1] PREEMPT SMP PTI<br /> [43.133702] CPU: 1 PID: 1839 Comm: btrfs Tainted: G W 5.17.0-rc4 #54<br /> [43.134863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014<br /> [43.136426] RIP: 0010:unpin_extent_range+0x37a/0x4f0 [btrfs]<br /> [43.139913] RSP: 0000:ffffb0dd4216bc70 EFLAGS: 00010246<br /> [43.140629] RAX: 0000000000000000 RBX: ffff96cfc34490f8 RCX: 0000000000000001<br /> [43.141604] RDX: 0000000080000001 RSI: 0000000051d00000 RDI: 00000000ffffffff<br /> [43.142645] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff96cfd07dca50<br /> [43.143669] R10: ffff96cfc46e8a00 R11: fffffffffffec000 R12: 0000000041d00000<br /> [43.144657] R13: ffff96cfc3ce0000 R14: ffffb0dd4216bd08 R15: 0000000000000000<br /> [43.145686] FS: 00007f7657dd68c0(0000) GS:ffff96d6df640000(0000) knlGS:0000000000000000<br /> [43.146808] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [43.147584] CR2: 00007f7fe81bf5b0 CR3: 00000001093ee004 CR4: 0000000000370ee0<br /> [43.148589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> [43.149581] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 00000000000<br /> ---truncated---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.12 (including) 5.15.27 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.16.13 (excluding)
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc6:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools