Showing 1 - 5 of 5

CVE-2022-48674

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30 Read of size 8 at addr ffff8881094223f8 by task stress/7789 CPU: 0 PID: 7789 Comm: stress Not tainted 6.0.0-rc1-00002-g0d53d2e882f9 #3 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 Call Trace: <TASK> .. __mutex_lock+0xe5/0xc30 .. z_erofs_do_read_page+0x8ce/0x1560 .. z_erofs_readahead+0x31c/0x580 .. Freed by task 7787 kasan_save_stack+0x1e/0x40 kasan_set_track+0x20/0x30 kasan_set_free_info+0x20/0x40 __kasan_slab_free+0x10c/0x190 kmem_cache_free+0xed/0x380 rcu_core+0x3d5/0xc90 __do_softirq+0x12d/0x389 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x97/0xb0 call_rcu+0x3d/0x3f0 erofs_shrink_workstation+0x11f/0x210 erofs_shrink_scan+0xdc/0x170 shrink_slab.constprop.0+0x296/0x530 drop_slab+0x1c/0x70 drop_caches_sysctl_handler+0x70/0x80 proc_sys_call_handler+0x20a/0x2f0 vfs_write+0x555/0x6c0 ksys_write+0xbe/0x160 do_syscall_64+0x3b/0x90 The root cause is that erofs_workgroup_unfreeze() doesn't reset to orig_val thus it causes a race that the pcluster reuses unexpectedly before freeing. Since UP platforms are quite rare now, such path becomes unnecessary. Let's drop such specific-designed path directly instead.

Related Files

Ubuntu Security Notice USN-6951-4: Posted Aug 22, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6951-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.; tags | advisory, kernel; systems | linux, ubuntu; advisories | CVE-2022-48674, CVE-2023-52434, CVE-2023-52752, CVE-2024-27398, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36883, CVE-2024-36886; SHA-256 | 2e3a6db3903dd7ff1828623ddc100aac2e91d93abaa3a75a243873864d1eb7e3; Download | Favorite | View

Ubuntu Security Notice USN-6951-3: Posted Aug 20, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6951-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.; tags | advisory, kernel; systems | linux, ubuntu; advisories | CVE-2022-48674, CVE-2023-52434, CVE-2023-52752, CVE-2024-27398, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36883, CVE-2024-36886; SHA-256 | 8c1f01b0663bf22998e19385fae707029ea2e6973bc55394b2ca20ee8e51eff8; Download | Favorite | View

Ubuntu Security Notice USN-6951-2: Posted Aug 15, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6951-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.; tags | advisory, kernel; systems | linux, ubuntu; advisories | CVE-2022-48674, CVE-2023-52434, CVE-2023-52752, CVE-2024-27398, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36883, CVE-2024-36886; SHA-256 | 40333bcb6bfcef7ef0b04b1f7dd14dc7bd1927d82916fa3e2c056ec935a480dd; Download | Favorite | View

Ubuntu Security Notice USN-6953-1: Posted Aug 9, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6953-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.; tags | advisory, kernel; systems | linux, ubuntu; advisories | CVE-2021-47131, CVE-2022-48655, CVE-2022-48674, CVE-2023-52434, CVE-2023-52882, CVE-2024-26583, CVE-2024-26907, CVE-2024-27398, CVE-2024-27401, CVE-2024-33621, CVE-2024-35976, CVE-2024-36016, CVE-2024-36017, CVE-2024-36270; SHA-256 | b1ed67fee33b4917c2d819ae313e1d458b7c4e2db993a5cf83d2ec6c6b54d6dd; Download | Favorite | View

Ubuntu Security Notice USN-6951-1: Posted Aug 9, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6951-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.; tags | advisory, kernel; systems | linux, ubuntu; advisories | CVE-2022-48674, CVE-2023-52434, CVE-2023-52752, CVE-2024-27398, CVE-2024-27401, CVE-2024-31076, CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014, CVE-2024-36015, CVE-2024-36286, CVE-2024-36883, CVE-2024-36886; SHA-256 | 1b2472c9b386990fb946c9155e64b258ce63d178132ad4b837e17958bee5634b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 276 files
indoushka 97 files
Ubuntu 90 files
LiquidWorm 22 files
Debian 22 files
Gentoo 12 files
Google Security Research 8 files
malvuln 5 files
Emiliano Febbi 4 files
Seth Jenkins 4 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,147)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,666)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,122)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,946)
UNIX (9,470)
UnixWare (188)
Windows (6,784)
Other

CVE-2022-48674

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems