目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2022-48902— Linux kernel 安全漏洞

AI 预测 5.5 利用难度: 理论可行 EPSS 0.21% · P11

影响版本矩阵 8

厂商产品版本范围状态
LinuxLinux0b32f4bbb423f02acee6d43cd442f5f0775db7e0< e00077aa439f0e8f416699fa4e9600db6583db70affected
0b32f4bbb423f02acee6d43cd442f5f0775db7e0< 9efcc83b33b576302147634eca9bece8e3737e34affected
0b32f4bbb423f02acee6d43cd442f5f0775db7e0< a50e1fcbc9b85fd4e95b89a75c0884cb032a3e06affected
3.4affected
< 3.4unaffected
5.15.27≤ 5.15.*unaffected
5.16.13≤ 5.16.*unaffected
5.17≤ *unaffected
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2022-48902 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
btrfs: do not WARN_ON() if we have PageError set
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not WARN_ON() if we have PageError set Whenever we do any extent buffer operations we call assert_eb_page_uptodate() to complain loudly if we're operating on an non-uptodate page. Our overnight tests caught this warning earlier this week WARNING: CPU: 1 PID: 553508 at fs/btrfs/extent_io.c:6849 assert_eb_page_uptodate+0x3f/0x50 CPU: 1 PID: 553508 Comm: kworker/u4:13 Tainted: G W 5.17.0-rc3+ #564 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014 Workqueue: btrfs-cache btrfs_work_helper RIP: 0010:assert_eb_page_uptodate+0x3f/0x50 RSP: 0018:ffffa961440a7c68 EFLAGS: 00010246 RAX: 0017ffffc0002112 RBX: ffffe6e74453f9c0 RCX: 0000000000001000 RDX: ffffe6e74467c887 RSI: ffffe6e74453f9c0 RDI: ffff8d4c5efc2fc0 RBP: 0000000000000d56 R08: ffff8d4d4a224000 R09: 0000000000000000 R10: 00015817fa9d1ef0 R11: 000000000000000c R12: 00000000000007b1 R13: ffff8d4c5efc2fc0 R14: 0000000001500000 R15: 0000000001cb1000 FS: 0000000000000000(0000) GS:ffff8d4dbbd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff31d3448d8 CR3: 0000000118be8004 CR4: 0000000000370ee0 Call Trace: extent_buffer_test_bit+0x3f/0x70 free_space_test_bit+0xa6/0xc0 load_free_space_tree+0x1f6/0x470 caching_thread+0x454/0x630 ? rcu_read_lock_sched_held+0x12/0x60 ? rcu_read_lock_sched_held+0x12/0x60 ? rcu_read_lock_sched_held+0x12/0x60 ? lock_release+0x1f0/0x2d0 btrfs_work_helper+0xf2/0x3e0 ? lock_release+0x1f0/0x2d0 ? finish_task_switch.isra.0+0xf9/0x3a0 process_one_work+0x26d/0x580 ? process_one_work+0x580/0x580 worker_thread+0x55/0x3b0 ? process_one_work+0x580/0x580 kthread+0xf0/0x120 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 This was partially fixed by c2e39305299f01 ("btrfs: clear extent buffer uptodate when we fail to write it"), however all that fix did was keep us from finding extent buffers after a failed writeout. It didn't keep us from continuing to use a buffer that we already had found. In this case we're searching the commit root to cache the block group, so we can start committing the transaction and switch the commit root and then start writing. After the switch we can look up an extent buffer that hasn't been written yet and start processing that block group. Then we fail to write that block out and clear Uptodate on the page, and then we start spewing these errors. Normally we're protected by the tree lock to a certain degree here. If we read a block we have that block read locked, and we block the writer from locking the block before we submit it for the write. However this isn't necessarily fool proof because the read could happen before we do the submit_bio and after we locked and unlocked the extent buffer. Also in this particular case we have path->skip_locking set, so that won't save us here. We'll simply get a block that was valid when we read it, but became invalid while we were using it. What we really want is to catch the case where we've "read" a block but it's not marked Uptodate. On read we ClearPageError(), so if we're !Uptodate and !Error we know we didn't do the right thing for reading the page. Fix this by checking !Uptodate && !Error, this way we will not complain if our buffer gets invalidated while we're using it, and we'll maintain the spirit of the check which is to make sure we have a fully in-cache block while we're messing with it.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未能正确处理PageError设置的情况。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 0b32f4bbb423f02acee6d43cd442f5f0775db7e0 ~ e00077aa439f0e8f416699fa4e9600db6583db70 -
LinuxLinux 3.4 -

二、漏洞 CVE-2022-48902 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2022-48902 的情报信息

登录查看更多情报信息。

CVE-2022-48902 其他参考 (3)

同批安全公告 · Linux · 2024-08-22 · 共 42 条

CVE-2022-48931Linux kernel 安全漏洞
CVE-2022-48923Linux kernel 安全漏洞
CVE-2022-48924Linux kernel 安全漏洞
CVE-2022-48925Linux kernel 安全漏洞
CVE-2022-48942Linux kernel 代码问题漏洞
CVE-2022-48943Linux kernel 安全漏洞
CVE-2022-48926Linux kernel 安全漏洞
CVE-2022-48927Linux kernel 安全漏洞
CVE-2022-48928Linux kernel 安全漏洞
CVE-2022-48929Linux kernel 安全漏洞
CVE-2022-48930Linux kernel 安全漏洞
CVE-2022-48922Linux kernel 安全漏洞
CVE-2022-48932Linux kernel 安全漏洞
CVE-2022-48933Linux kernel 安全漏洞
CVE-2022-48934Linux kernel 安全漏洞
CVE-2022-48935Linux kernel 安全漏洞
CVE-2022-48937Linux kernel 安全漏洞
CVE-2022-48938Linux kernel 输入验证错误漏洞
CVE-2022-48939Linux kernel 安全漏洞
CVE-2022-48940Linux kernel 缓冲区错误漏洞

显示前 20 条,共 42 条。 查看全部 &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2022-48902

暂无评论


发表评论