In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix a race on command flush flow
Fix a refcount use after free warning due to a race on command entry.
Such race occurs when one of the commands releases its last refcount and
frees its index and entry while another process running command flush
flow takes refcount to this command entry. The process which handles
commands flush may see this command as needed to be flushed if the other
process released its refcount but didn't release the index yet. Fix it
by adding the needed spin lock.
It fixes the following warning trace:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 11 PID: 540311 at lib/refcount.c:25 refcount_warn_saturate+0x80/0xe0
...
RIP: 0010:refcount_warn_saturate+0x80/0xe0
...
Call Trace:
<TASK>
mlx5_cmd_trigger_completions+0x293/0x340 [mlx5_core]
mlx5_cmd_flush+0x3a/0xf0 [mlx5_core]
enter_error_state+0x44/0x80 [mlx5_core]
mlx5_fw_fatal_reporter_err_work+0x37/0xe0 [mlx5_core]
process_one_work+0x1be/0x390
worker_thread+0x4d/0x3d0
? rescuer_thread+0x350/0x350
kthread+0x141/0x160
? set_kthread_struct+0x40/0x40
ret_from_fork+0x1f/0x30
</TASK>
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/stable/c/0401bfb27a91d7bdd74b1635c1aae57cbb128da6 - Patch | |
References | () https://git.kernel.org/stable/c/063bd355595428750803d8736a9bb7c8db67d42d - Patch | |
References | () https://git.kernel.org/stable/c/1a4017926eeea56c7540cc41b42106746ee8a0ee - Patch | |
References | () https://git.kernel.org/stable/c/7c519f769f555ff7d9d4ccba3497bbb589df360a - Patch | |
References | () https://git.kernel.org/stable/c/f3331bc17449f15832c31823f27573f4c0e13e5f - Patch |
23 Jul 2024, 15:07
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
First Time |
Linux
Linux linux Kernel |
|
CWE | CWE-362 CWE-416 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
References | () https://git.kernel.org/stable/c/0401bfb27a91d7bdd74b1635c1aae57cbb128da6 - Patch | |
References | () https://git.kernel.org/stable/c/063bd355595428750803d8736a9bb7c8db67d42d - Patch | |
References | () https://git.kernel.org/stable/c/1a4017926eeea56c7540cc41b42106746ee8a0ee - Patch | |
References | () https://git.kernel.org/stable/c/7c519f769f555ff7d9d4ccba3497bbb589df360a - Patch | |
References | () https://git.kernel.org/stable/c/f3331bc17449f15832c31823f27573f4c0e13e5f - Patch |
16 Jul 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-16 13:15
Updated : 2024-11-21 07:34
NVD link : CVE-2022-48858
Mitre link : CVE-2022-48858
CVE.ORG link : CVE-2022-48858
JSON object : View
Products Affected
linux
- linux_kernel