Amazon Linux AMI 2: CVE-2022-48850: Security patch for kernel (Multiple Advisories)

Amazon Linux AMI 2: CVE-2022-48850: Security patch for kernel (Multiple Advisories)

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

07/16/2024

Created

12/13/2024

Added

12/12/2024

Modified

01/30/2025

Description

In the Linux kernel, the following vulnerability has been resolved: net-sysfs: add check for netdevice being present to speed_show When bringing down the netdevice or system shutdown, a panic can be triggered while accessing the sysfs path because the device is already removed. [755.549084] mlx5_core 0000:12:00.1: Shutdown was called [756.404455] mlx5_core 0000:12:00.0: Shutdown was called ... [757.937260] BUG: unable to handle kernel NULL pointer dereference at (null) [758.031397] IP: [<ffffffff8ee11acb>] dma_pool_alloc+0x1ab/0x280 crash> bt ... PID: 12649TASK: ffff8924108f2100CPU: 1 COMMAND: "amsd" ... #9 [ffff89240e1a38b0] page_fault at ffffffff8f38c778 [exception RIP: dma_pool_alloc+0x1ab] RIP: ffffffff8ee11acbRSP: ffff89240e1a3968RFLAGS: 00010046 RAX: 0000000000000246RBX: ffff89243d874100RCX: 0000000000001000 RDX: 0000000000000000RSI: 0000000000000246RDI: ffff89243d874090 RBP: ffff89240e1a39c0 R8: 000000000001f080 R9: ffff8905ffc03c00 R10: ffffffffc04680d4R11: ffffffff8edde9fdR12: 00000000000080d0 R13: ffff89243d874090R14: ffff89243d874080R15: 0000000000000000 ORIG_RAX: ffffffffffffffffCS: 0010SS: 0018 #10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg at ffffffffc04680f3 [mlx5_core] #11 [ffff89240e1a3a18] cmd_exec at ffffffffc046ad62 [mlx5_core] #12 [ffff89240e1a3ab8] mlx5_cmd_exec at ffffffffc046b4fb [mlx5_core] #13 [ffff89240e1a3ae8] mlx5_core_access_reg at ffffffffc0475434 [mlx5_core] #14 [ffff89240e1a3b40] mlx5e_get_fec_caps at ffffffffc04a7348 [mlx5_core] #15 [ffff89240e1a3bb0] get_fec_supported_advertised at ffffffffc04992bf [mlx5_core] #16 [ffff89240e1a3c08] mlx5e_get_link_ksettings at ffffffffc049ab36 [mlx5_core] #17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings at ffffffff8f25db46 #18 [ffff89240e1a3d48] speed_show at ffffffff8f277208 #19 [ffff89240e1a3dd8] dev_attr_show at ffffffff8f0b70e3 #20 [ffff89240e1a3df8] sysfs_kf_seq_show at ffffffff8eedbedf #21 [ffff89240e1a3e18] kernfs_seq_show at ffffffff8eeda596 #22 [ffff89240e1a3e28] seq_read at ffffffff8ee76d10 #23 [ffff89240e1a3e98] kernfs_fop_read at ffffffff8eedaef5 #24 [ffff89240e1a3ed8] vfs_read at ffffffff8ee4e3ff #25 [ffff89240e1a3f08] sys_read at ffffffff8ee4f27f #26 [ffff89240e1a3f50] system_call_fastpath at ffffffff8f395f92 crash> net_device.state ffff89443b0c0000 state = 0x5(__LINK_STATE_START| __LINK_STATE_NOCARRIER) To prevent this scenario, we also make sure that the netdevice is present.

Solution(s)

• amazon-linux-ami-2-upgrade-bpftool
• amazon-linux-ami-2-upgrade-bpftool-debuginfo
• amazon-linux-ami-2-upgrade-kernel
• amazon-linux-ami-2-upgrade-kernel-debuginfo
• amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64
• amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64
• amazon-linux-ami-2-upgrade-kernel-devel
• amazon-linux-ami-2-upgrade-kernel-headers
• amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-273-207-502
• amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-106-102-504
• amazon-linux-ami-2-upgrade-kernel-tools
• amazon-linux-ami-2-upgrade-kernel-tools-debuginfo
• amazon-linux-ami-2-upgrade-kernel-tools-devel
• amazon-linux-ami-2-upgrade-perf
• amazon-linux-ami-2-upgrade-perf-debuginfo
• amazon-linux-ami-2-upgrade-python-perf
• amazon-linux-ami-2-upgrade-python-perf-debuginfo

References

• https://attackerkb.com/topics/cve-2022-48850
• AL2/ALAS-2022-1768
• AL2/ALASKERNEL-5.10-2022-012
• AL2/ALASKERNEL-5.4-2022-024
• CVE - 2022-48850