Ubuntu: (CVE-2022-48919): linux vulnerability

Ubuntu: (CVE-2022-48919): linux vulnerability

Severity

7

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

08/22/2024

Created

11/21/2024

Added

11/19/2024

Modified

02/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free the context. In this situation we should not proceed to enter the out: section in cifs_smb3_do_mount() and free the same resources a second time. [Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0 [Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 5.17.0-rc3+ #4 [Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019 [Thu Feb 10 12:59:06 2022] Call Trace: [Thu Feb 10 12:59:06 2022]<IRQ> [Thu Feb 10 12:59:06 2022]dump_stack_lvl+0x5d/0x78 [Thu Feb 10 12:59:06 2022]print_address_description.constprop.0+0x24/0x150 [Thu Feb 10 12:59:06 2022]? rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022]kasan_report.cold+0x7d/0x117 [Thu Feb 10 12:59:06 2022]? rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022]__asan_load8+0x86/0xa0 [Thu Feb 10 12:59:06 2022]rcu_cblist_dequeue+0x32/0x60 [Thu Feb 10 12:59:06 2022]rcu_core+0x547/0xca0 [Thu Feb 10 12:59:06 2022]? call_rcu+0x3c0/0x3c0 [Thu Feb 10 12:59:06 2022]? __this_cpu_preempt_check+0x13/0x20 [Thu Feb 10 12:59:06 2022]? lock_is_held_type+0xea/0x140 [Thu Feb 10 12:59:06 2022]rcu_core_si+0xe/0x10 [Thu Feb 10 12:59:06 2022]__do_softirq+0x1d4/0x67b [Thu Feb 10 12:59:06 2022]__irq_exit_rcu+0x100/0x150 [Thu Feb 10 12:59:06 2022]irq_exit_rcu+0xe/0x30 [Thu Feb 10 12:59:06 2022]sysvec_hyperv_stimer0+0x9d/0xc0 ... [Thu Feb 10 12:59:07 2022] Freed by task 58179: [Thu Feb 10 12:59:07 2022]kasan_save_stack+0x26/0x50 [Thu Feb 10 12:59:07 2022]kasan_set_track+0x25/0x30 [Thu Feb 10 12:59:07 2022]kasan_set_free_info+0x24/0x40 [Thu Feb 10 12:59:07 2022]____kasan_slab_free+0x137/0x170 [Thu Feb 10 12:59:07 2022]__kasan_slab_free+0x12/0x20 [Thu Feb 10 12:59:07 2022]slab_free_freelist_hook+0xb3/0x1d0 [Thu Feb 10 12:59:07 2022]kfree+0xcd/0x520 [Thu Feb 10 12:59:07 2022]cifs_smb3_do_mount+0x149/0xbe0 [cifs] [Thu Feb 10 12:59:07 2022]smb3_get_tree+0x1a0/0x2e0 [cifs] [Thu Feb 10 12:59:07 2022]vfs_get_tree+0x52/0x140 [Thu Feb 10 12:59:07 2022]path_mount+0x635/0x10c0 [Thu Feb 10 12:59:07 2022]__x64_sys_mount+0x1bf/0x210 [Thu Feb 10 12:59:07 2022]do_syscall_64+0x5c/0xc0 [Thu Feb 10 12:59:07 2022]entry_SYSCALL_64_after_hwframe+0x44/0xae [Thu Feb 10 12:59:07 2022] Last potentially related work creation: [Thu Feb 10 12:59:07 2022]kasan_save_stack+0x26/0x50 [Thu Feb 10 12:59:07 2022]__kasan_record_aux_stack+0xb6/0xc0 [Thu Feb 10 12:59:07 2022]kasan_record_aux_stack_noalloc+0xb/0x10 [Thu Feb 10 12:59:07 2022]call_rcu+0x76/0x3c0 [Thu Feb 10 12:59:07 2022]cifs_umount+0xce/0xe0 [cifs] [Thu Feb 10 12:59:07 2022]cifs_kill_sb+0xc8/0xe0 [cifs] [Thu Feb 10 12:59:07 2022]deactivate_locked_super+0x5d/0xd0 [Thu Feb 10 12:59:07 2022]cifs_smb3_do_mount+0xab9/0xbe0 [cifs] [Thu Feb 10 12:59:07 2022]smb3_get_tree+0x1a0/0x2e0 [cifs] [Thu Feb 10 12:59:07 2022]vfs_get_tree+0x52/0x140 [Thu Feb 10 12:59:07 2022]path_mount+0x635/0x10c0 [Thu Feb 10 12:59:07 2022]__x64_sys_mount+0x1bf/0x210 [Thu Feb 10 12:59:07 2022]do_syscall_64+0x5c/0xc0 [Thu Feb 10 12:59:07 2022]entry_SYSCALL_64_after_hwframe+0x44/0xae

Solution(s)

• ubuntu-upgrade-linux
• ubuntu-upgrade-linux-aws
• ubuntu-upgrade-linux-aws-5-4
• ubuntu-upgrade-linux-aws-fips
• ubuntu-upgrade-linux-aws-hwe
• ubuntu-upgrade-linux-azure
• ubuntu-upgrade-linux-azure-4-15
• ubuntu-upgrade-linux-azure-5-4
• ubuntu-upgrade-linux-azure-fips
• ubuntu-upgrade-linux-bluefield
• ubuntu-upgrade-linux-fips
• ubuntu-upgrade-linux-gcp
• ubuntu-upgrade-linux-gcp-4-15
• ubuntu-upgrade-linux-gcp-5-4
• ubuntu-upgrade-linux-gcp-fips
• ubuntu-upgrade-linux-gkeop
• ubuntu-upgrade-linux-hwe
• ubuntu-upgrade-linux-hwe-5-4
• ubuntu-upgrade-linux-ibm
• ubuntu-upgrade-linux-ibm-5-4
• ubuntu-upgrade-linux-intel-iotg-5-15
• ubuntu-upgrade-linux-iot
• ubuntu-upgrade-linux-kvm
• ubuntu-upgrade-linux-oracle
• ubuntu-upgrade-linux-oracle-5-4
• ubuntu-upgrade-linux-raspi
• ubuntu-upgrade-linux-raspi-5-4

References

• https://attackerkb.com/topics/cve-2022-48919
• CVE - 2022-48919
• https://git.kernel.org/linus/3d6cc9898efdfb062efb74dc18cfc700e082f5d5
• https://git.kernel.org/stable/c/147a0e71ccf96df9fc8c2ac500829d8e423ef02c
• https://git.kernel.org/stable/c/2fe0e281f7ad0a62259649764228227dd6b2561d
• https://git.kernel.org/stable/c/3d6cc9898efdfb062efb74dc18cfc700e082f5d5
• https://git.kernel.org/stable/c/546d60859ecf13380fcabcbeace53a5971493a2b
• https://git.kernel.org/stable/c/563431c1f3c8f2230e4a9c445fa23758742bc4f0
• https://git.kernel.org/stable/c/da834d6c1147c7519a9e55b510a03b7055104749
• https://git.kernel.org/stable/c/df9db1a2af37f39ad1653c7b9b0d275d72d0bc67
• https://git.kernel.org/stable/c/e208668ef7ba23efcbf76a8200cab8deee501c4d
• https://www.cve.org/CVERecord?id=CVE-2022-48919

View more