CVE-2022-48800

{"id": "CVE-2022-48800", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-07-16T12:15:04.563", "references": [{"url": "https://git.kernel.org/stable/c/3980cff6349687f73d5109f156f23cb261c24164", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b485c6f1f9f54b81443efda5f3d8a5036ba2cd91", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3980cff6349687f73d5109f156f23cb261c24164", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b485c6f1f9f54b81443efda5f3d8a5036ba2cd91", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmscan: remove deadlock due to throttling failing to make progress\n\nA soft lockup bug in kcompactd was reported in a private bugzilla with\nthe following visible in dmesg;\n\n watchdog: BUG: soft lockup - CPU#33 stuck for 26s! [kcompactd0:479]\n watchdog: BUG: soft lockup - CPU#33 stuck for 52s! [kcompactd0:479]\n watchdog: BUG: soft lockup - CPU#33 stuck for 78s! [kcompactd0:479]\n watchdog: BUG: soft lockup - CPU#33 stuck for 104s! [kcompactd0:479]\n\nThe machine had 256G of RAM with no swap and an earlier failed\nallocation indicated that node 0 where kcompactd was run was potentially\nunreclaimable;\n\n Node 0 active_anon:29355112kB inactive_anon:2913528kB active_file:0kB\n inactive_file:0kB unevictable:64kB isolated(anon):0kB isolated(file):0kB\n mapped:8kB dirty:0kB writeback:0kB shmem:26780kB shmem_thp:\n 0kB shmem_pmdmapped: 0kB anon_thp: 23480320kB writeback_tmp:0kB\n kernel_stack:2272kB pagetables:24500kB all_unreclaimable? yes\n\nVlastimil Babka investigated a crash dump and found that a task\nmigrating pages was trying to drain PCP lists;\n\n PID: 52922 TASK: ffff969f820e5000 CPU: 19 COMMAND: \"kworker/u128:3\"\n Call Trace:\n __schedule\n schedule\n schedule_timeout\n wait_for_completion\n __flush_work\n __drain_all_pages\n __alloc_pages_slowpath.constprop.114\n __alloc_pages\n alloc_migration_target\n migrate_pages\n migrate_to_node\n do_migrate_pages\n cpuset_migrate_mm_workfn\n process_one_work\n worker_thread\n kthread\n ret_from_fork\n\nThis failure is specific to CONFIG_PREEMPT=n builds. The root of the\nproblem is that kcompact0 is not rescheduling on a CPU while a task that\nhas isolated a large number of the pages from the LRU is waiting on\nkcompact0 to reschedule so the pages can be released. While\nshrink_inactive_list() only loops once around too_many_isolated, reclaim\ncan continue without rescheduling if sc->skipped_deactivate == 1 which\ncould happen if there was no file LRU and the inactive anon list was not\nlow."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: vmscan: elimina el punto muerto debido a que la aceleraci\u00f3n no logra avanzar. Se inform\u00f3 un error de bloqueo suave en kcompactd en un bugzilla privado con lo siguiente visible en dmesg; perro guardi\u00e1n: ERROR: bloqueo suave - \u00a1CPU n.\u00b0 33 bloqueada durante 26 segundos! [kcompactd0:479] perro guardi\u00e1n: ERROR: bloqueo suave - \u00a1CPU#33 bloqueada durante 52 segundos! [kcompactd0:479] perro guardi\u00e1n: ERROR: bloqueo suave - \u00a1CPU#33 bloqueada durante 78 segundos! [kcompactd0:479] perro guardi\u00e1n: ERROR: bloqueo suave - \u00a1CPU#33 bloqueada durante 104! [kcompactd0:479] La m\u00e1quina ten\u00eda 256 GB de RAM sin intercambio y una asignaci\u00f3n fallida anterior indic\u00f3 que el nodo 0 donde se ejecutaba kcompactd era potencialmente no recuperable; Nodo 0 active_anon:29355112kB inactive_anon:2913528kB active_file:0kB inactive_file:0kB inevitable:64kB aislado(anon):0kB aislado(archivo):0kB mapeado:8kB sucio:0kB escritura regresiva:0kB shmem:26780kB shmem_thp: 0kB shmem_pmdmapped : 0kB anon_thp: 23480320kB writeback_tmp:0kB kernel_stack:2272kB tablas de p\u00e1ginas:24500kB \u00bftodo_unreclamable? s\u00ed, Vlastimil Babka investig\u00f3 un volcado de memoria y descubri\u00f3 que una tarea que migraba p\u00e1ginas intentaba drenar las listas de PCP; PID: 52922 TAREA: ffff969f820e5000 CPU: 19 COMANDO: \"kworker/u128:3\" Seguimiento de llamadas: __schedule Schedule Schedule_timeout wait_for_completion __flush_work __drain_all_pages __alloc_pages_slowpath.constprop.114 __alloc_pages alloc_migration_target migrar_pages to_node do_migrate_pages cpuset_migrate_mm_workfn process_one_work trabajador_thread kthread ret_from_fork Este error es espec\u00edfico de CONFIG_PREEMPT=n construye. La ra\u00edz del problema es que kcompact0 no se reprograma en una CPU mientras una tarea que ha aislado una gran cantidad de p\u00e1ginas de la LRU est\u00e1 esperando que kcompact0 se reprograme para que las p\u00e1ginas puedan liberarse. Mientras que Shrink_inactive_list() solo realiza un bucle alrededor de too_many_isolated, la recuperaci\u00f3n puede continuar sin reprogramar si sc->skipped_deactivate == 1, lo que podr\u00eda suceder si no hubiera ning\u00fan archivo LRU y la lista de an\u00f3nimos inactivos no fuera baja."}], "lastModified": "2024-11-21T07:34:06.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "679523BA-1392-404B-AB85-F5A5408B1ECC", "versionEndExcluding": "5.16.10", "versionStartIncluding": "5.16"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}