CVE-2022-49420
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 26/02/2025
Last modified: 26/02/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

net: annotate races around sk->sk_bound_dev_if

UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while
this field can be changed by another thread.

Adds minimal annotations to avoid KCSAN splats for UDP.
Following patches will add more annotations to potential lockless readers.

BUG: KCSAN: data-race in __ip6_datagram_connect / udpv6_sendmsg

write to 0xffff888136d47a94 of 4 bytes by task 7681 on cpu 0:
__ip6_datagram_connect+0x6e2/0x930 net/ipv6/datagram.c:221
ip6_datagram_connect+0x2a/0x40 net/ipv6/datagram.c:272
inet_dgram_connect+0x107/0x190 net/ipv4/af_inet.c:576
__sys_connect_file net/socket.c:1900 [inline]
__sys_connect+0x197/0x1b0 net/socket.c:1917
__do_sys_connect net/socket.c:1927 [inline]
__se_sys_connect net/socket.c:1924 [inline]
__x64_sys_connect+0x3d/0x50 net/socket.c:1924
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x50 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff888136d47a94 of 4 bytes by task 7670 on cpu 1:
udpv6_sendmsg+0xc60/0x16e0 net/ipv6/udp.c:1436
inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:652
sock_sendmsg_nosec net/socket.c:705 [inline]
sock_sendmsg net/socket.c:725 [inline]
____sys_sendmsg+0x39a/0x510 net/socket.c:2413
___sys_sendmsg net/socket.c:2467 [inline]
__sys_sendmmsg+0x267/0x4c0 net/socket.c:2553
__do_sys_sendmmsg net/socket.c:2582 [inline]
__se_sys_sendmmsg net/socket.c:2579 [inline]
__x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x50 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00000000 -> 0xffffff9b

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 7670 Comm: syz-executor.3 Tainted: G W 5.18.0-rc1-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

I chose to not add Fixes: tag because race has minor consequences
and stable teams busy enough.
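The race the commit message describes, as an added user-space model written for this entry (it is not kernel code and not taken from the commit): connect() stores a new interface index into sk->sk_bound_dev_if while a sendmsg() path reads the same field without any lock. The unannotated reader below consults the field twice with plain loads, so a store landing between the two loads makes its own decision inconsistent; the annotated reader takes one READ_ONCE() snapshot and uses only the local copy. READ_ONCE/WRITE_ONCE are reproduced here as volatile accesses, which is the kernel's approach in spirit; the `struct sock` stand-in, the "racer" hook that models the other CPU, the ifindex value 3 and the second consistency check are constructed assumptions for the demonstration, not the actual udpv6_sendmsg() logic.

```c
#include <stdio.h>

/* Kernel-style accessors, modelled here as volatile accesses: exactly one
 * whole-word load or store, which the compiler may neither split nor repeat. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

/* Minimal stand-in for the socket (assumption: only the bound device
 * index matters for this demonstration). */
struct sock {
	int sk_bound_dev_if;	/* 0 = not bound to an interface */
};

/* Hook that stands in for "another CPU runs connect() right here".
 * NULL models the no-race case. */
typedef void (*race_hook)(struct sock *sk);

/* Writer side: connect() binding the socket to a device. The store is
 * annotated for the same reason as the read. Ifindex 3 is constructed. */
void connect_bind_dev(struct sock *sk)
{
	WRITE_ONCE(sk->sk_bound_dev_if, 3);
}

/* Unannotated reader: two plain loads of the shared field. A concurrent
 * store (or a compiler reload) between them makes the two uses disagree.
 * Returns 0 with the chosen output interface, or -1 to model -EINVAL. */
int sendmsg_plain(struct sock *sk, int msg_oif, race_hook racer, int *oif_out)
{
	int oif = msg_oif;

	if (!oif)
		oif = sk->sk_bound_dev_if;		/* plain load #1 */
	if (racer)
		racer(sk);				/* the race window */
	/* plain load #2: constructed check that re-reads the same field */
	if (sk->sk_bound_dev_if && oif != sk->sk_bound_dev_if)
		return -1;
	*oif_out = oif;
	return 0;
}

/* Annotated reader: a single READ_ONCE snapshot; every later decision uses
 * the local copy. The snapshot may be stale (the "minor consequence" the
 * commit accepts), but it cannot tear and the decision is self-consistent. */
int sendmsg_annotated(struct sock *sk, int msg_oif, race_hook racer, int *oif_out)
{
	int bound = READ_ONCE(sk->sk_bound_dev_if);	/* the only load */
	int oif = msg_oif;

	if (!oif)
		oif = bound;
	if (racer)
		racer(sk);				/* same race window */
	if (bound && oif != bound)
		return -1;
	*oif_out = oif;
	return 0;
}

/* Runs one scenario and returns the chosen oif, or -1 for the EINVAL path.
 * initial_bound is the field's value before sendmsg; racing injects
 * connect_bind_dev() into the race window. */
int demo(int annotated, int initial_bound, int msg_oif, int racing)
{
	struct sock sk = { .sk_bound_dev_if = initial_bound };
	race_hook racer = racing ? connect_bind_dev : NULL;
	int oif = -1;
	int rc = annotated ? sendmsg_annotated(&sk, msg_oif, racer, &oif)
			   : sendmsg_plain(&sk, msg_oif, racer, &oif);

	return rc ? -1 : oif;
}

int main(void)
{
	int plain = demo(0, 0, 0, 1);
	int annot = demo(1, 0, 0, 1);

	printf("unbound socket, connect() lands mid-sendmsg:\n");
	printf("  plain loads:     %s\n", plain < 0 ? "spurious EINVAL" : "ok");
	printf("  READ_ONCE copy:  oif=%d (pre-connect snapshot)\n", annot);
	return 0;
}
```

The annotation changes nothing about locking or ordering: the reader can still send on the pre-connect device if the store lands a moment later, which is why the message calls the consequences minor and omits a Fixes: tag. What READ_ONCE/WRITE_ONCE buy is that the 4-byte field is read and written as a unit, the reader's decisions all derive from one value, and KCSAN stops reporting the access pair as a data race.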