CVE-2022-48858

CVE-2022-48858

Título es
CVE-2022-48858

Mar, 16/07/2024 – 13:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2022-48858

Descripción en
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix a race on command flush flow

Fix a refcount use after free warning due to a race on command entry.
Such race occurs when one of the commands releases its last refcount and
frees its index and entry while another process running command flush
flow takes refcount to this command entry. The process which handles
commands flush may see this command as needed to be flushed if the other
process released its refcount but didn't release the index yet. Fix it
by adding the needed spin lock.

It fixes the following warning trace:

refcount_t: addition on 0; use-after-free.
WARNING: CPU: 11 PID: 540311 at lib/refcount.c:25 refcount_warn_saturate+0x80/0xe0

RIP: 0010:refcount_warn_saturate+0x80/0xe0

Call Trace:

mlx5_cmd_trigger_completions+0x293/0x340 [mlx5_core]
mlx5_cmd_flush+0x3a/0xf0 [mlx5_core]
enter_error_state+0x44/0x80 [mlx5_core]
mlx5_fw_fatal_reporter_err_work+0x37/0xe0 [mlx5_core]
process_one_work+0x1be/0x390
worker_thread+0x4d/0x3d0
? rescuer_thread+0x350/0x350
kthread+0x141/0x160
? set_kthread_struct+0x40/0x40
ret_from_fork+0x1f/0x30

16/07/2024
16/07/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://git.kernel.org/stable/c/0401bfb27a91d7bdd74b1635c1aae57cbb128da6

  • https://git.kernel.org/stable/c/063bd355595428750803d8736a9bb7c8db67d42d

  • https://git.kernel.org/stable/c/1a4017926eeea56c7540cc41b42106746ee8a0ee

  • https://git.kernel.org/stable/c/7c519f769f555ff7d9d4ccba3497bbb589df360a

  • https://git.kernel.org/stable/c/f3331bc17449f15832c31823f27573f4c0e13e5f

    • Enviar en el boletín
    Off

    Jose Alexis Correa Valencia

    Consultor de sistemas informáticos avanzados con más de 25 años de experiencia en el sector privado. Su carrera se ha enfocado en el análisis y diseño de sistemas, la instalación y configuración de hardware y software, así como en la administración de redes para diversas empresas. Además, ha tenido el privilegio de ser capacitador en temáticas avanzadas, especializándose en el manejo de datos en línea, la seguridad de transacciones y los multimedios.

    Ver todas las entradas