Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-48671— cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()

EPSS 0.01% · P1
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-48671

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() syzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at cpuset_attach() [1], for commit 4f7e7236435ca0ab ("cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock") missed that cpuset_attach() is also called from cgroup_attach_task_all(). Add cpus_read_lock() like what cgroup_procs_write_start() does.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于缺少cpus_read_lock函数。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux e446300968c6bd25d9cd6c33b9600780a39b3975 ~ 321488cfac7d0eb6d97de467015ff754f85813ff -
LinuxLinux 5.4.213 ~ 5.4.215 -

II. Public POCs for CVE-2022-48671

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-48671

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-05-03 · 25 CVEs total

CVE-2022-48694RDMA/irdma: Fix drain SQ hang with no completion
CVE-2022-48705wifi: mt76: mt7921e: fix crash in chip reset fail
CVE-2022-48704drm/radeon: add a force flush to delay work when radeon
CVE-2022-48695scsi: mpt3sas: Fix use-after-free warning
CVE-2022-48690ice: Fix DMA mappings leak
CVE-2022-48703thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
CVE-2022-48702ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
CVE-2022-48701ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
CVE-2022-48699sched/debug: fix dentry leak in update_sched_domain_debugfs
CVE-2022-48698drm/amd/display: fix memory leak when using debugfs_lookup()
CVE-2022-48697nvmet: fix a use-after-free
CVE-2022-48696regmap: spi: Reserve space for register address/padding
CVE-2022-48670peci: cpu: Fix use-after-free in adev_release()
CVE-2022-48693soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
CVE-2022-48692RDMA/srp: Set scmnd->result only when scmnd is not NULL
CVE-2022-48691netfilter: nf_tables: clean up hook list when offload flags check fails
CVE-2022-48689tcp: TX zerocopy should not sense pfmemalloc status
CVE-2022-48688i40e: Fix kernel crash during module removal
CVE-2022-48687ipv6: sr: fix out-of-bounds read when setting HMAC data.
CVE-2022-48686nvme-tcp: fix UAF when detecting digest errors

Showing top 20 of 25 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2022-48671

No comments yet

Leave a comment