Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-48726— RDMA/ucma: Protect mc during concurrent multicast leaves

EPSS 0.02% · P5

Affected Version Matrix 10

VendorProductVersion RangeStatus
LinuxLinux95fe51096b7adf1d1e7315c49c75e2f75f162584< 75c610212b9f1756b9384911d3a2c347eee8031caffected
95fe51096b7adf1d1e7315c49c75e2f75f162584< 2923948ffe0835f7114e948b35bcc42bc9b3baa1affected
95fe51096b7adf1d1e7315c49c75e2f75f162584< ee2477e8ccd3d978eeac0dc5a981b286d9bb7b0aaffected
95fe51096b7adf1d1e7315c49c75e2f75f162584< 36e8169ec973359f671f9ec7213547059cae972eaffected
5.10affected
< 5.10unaffected
5.10.99≤ 5.10.*unaffected
5.15.22≤ 5.15.*unaffected
… +2 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-48726

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
RDMA/ucma: Protect mc during concurrent multicast leaves
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in ucma_cleanup_multicast drivers/infiniband/core/ucma.c:491 [inline] BUG: KASAN: use-after-free in ucma_destroy_private_ctx+0x914/0xb70 drivers/infiniband/core/ucma.c:579 Read of size 8 at addr ffff88801bb74b00 by task syz-executor.1/25529 CPU: 0 PID: 25529 Comm: syz-executor.1 Not tainted 5.16.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0x8d/0x320 mm/kasan/report.c:247 __kasan_report mm/kasan/report.c:433 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:450 ucma_cleanup_multicast drivers/infiniband/core/ucma.c:491 [inline] ucma_destroy_private_ctx+0x914/0xb70 drivers/infiniband/core/ucma.c:579 ucma_destroy_id+0x1e6/0x280 drivers/infiniband/core/ucma.c:614 ucma_write+0x25c/0x350 drivers/infiniband/core/ucma.c:1732 vfs_write+0x28e/0xae0 fs/read_write.c:588 ksys_write+0x1ee/0x250 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae Currently the xarray search can touch a concurrently freeing mc as the xa_for_each() is not surrounded by any lock. Rather than hold the lock for a full scan hold it only for the effected items, which is usually an empty list.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在安全漏洞。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 95fe51096b7adf1d1e7315c49c75e2f75f162584 ~ 75c610212b9f1756b9384911d3a2c347eee8031c -
LinuxLinux 5.10 -

II. Public POCs for CVE-2022-48726

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-48726

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-06-20 · 67 CVEs total

CVE-2022-48751net/smc: Transitional solution for clcsock race issue
CVE-2022-48770bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
CVE-2022-48768tracing/histogram: Fix a potential memory leak for kstrdup()
CVE-2022-48769efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
CVE-2022-48757net: fix information leakage in /proc/net/ptype
CVE-2022-48756drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
CVE-2022-48755powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
CVE-2022-48754phylib: fix potential use-after-free
CVE-2022-48753block: fix memory leak in disk_register_independent_access_ranges
CVE-2022-48752powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending
CVE-2022-48758scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
CVE-2022-48750hwmon: (nct6775) Fix crash in clear_caseopen
CVE-2022-48748net: bridge: vlan: fix memory leak in __allowed_ingress
CVE-2022-48749drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc
CVE-2022-48747block: Fix wrong offset in bio_truncate()
CVE-2022-48745net/mlx5: Use del_timer_sync in fw reset flow of halting poll
CVE-2022-48746net/mlx5e: Fix handling of wrong devices during bond netevent
CVE-2022-48744net/mlx5e: Avoid field-overflowing memcpy()
CVE-2022-48743net: amd-xgbe: Fix skb data length underflow
CVE-2022-48742rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()

Showing top 20 of 67 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2022-48726

No comments yet

Leave a comment