| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022630-CVE-2022-49709-f834@gregkh>
Date: Wed, 26 Feb 2025 03:24:32 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-49709: cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle
RCU_NONIDLE usage during __cfi_slowpath_diag can result in an invalid
RCU state in the cpuidle code path:
WARNING: CPU: 1 PID: 0 at kernel/rcu/tree.c:613 rcu_eqs_enter+0xe4/0x138
...
Call trace:
rcu_eqs_enter+0xe4/0x138
rcu_idle_enter+0xa8/0x100
cpuidle_enter_state+0x154/0x3a8
cpuidle_enter+0x3c/0x58
do_idle.llvm.6590768638138871020+0x1f4/0x2ec
cpu_startup_entry+0x28/0x2c
secondary_start_kernel+0x1b8/0x220
__secondary_switched+0x94/0x98
Instead, call rcu_irq_enter/exit to wake up RCU only when needed and
disable interrupts for the entire CFI shadow/module check when we do.
The Linux kernel CVE team has assigned CVE-2022-49709 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.13 with commit cf68fffb66d60d96209446bfc4a15291dc5a5d41 and fixed in 5.15.49 with commit 75f3a5fa2ad049c85ab5d5ee1ed9cfaa7e62c5ed
Issue introduced in 5.13 with commit cf68fffb66d60d96209446bfc4a15291dc5a5d41 and fixed in 5.18.6 with commit ca3897f2ac02ceae5e6fa794f83c36f9885b93da
Issue introduced in 5.13 with commit cf68fffb66d60d96209446bfc4a15291dc5a5d41 and fixed in 5.19 with commit 57cd6d157eb479f0a8e820fd36b7240845c8a937
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-49709
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
kernel/cfi.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/75f3a5fa2ad049c85ab5d5ee1ed9cfaa7e62c5ed
https://git.kernel.org/stable/c/ca3897f2ac02ceae5e6fa794f83c36f9885b93da
https://git.kernel.org/stable/c/57cd6d157eb479f0a8e820fd36b7240845c8a937
Powered by blists - more mailing lists