PT-2022-7440 · Linux+3 · Linux Kernel+3

Yishai Hadas

Published

2022-09-05

Updated

2025-01-24

CVE-2022-48675

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a nested dead lock in the IB/core component of the Linux kernel, specifically as part of the ODP flow. This dead lock can occur when the mmput() function is called while the umem odp->umem mutex is locked, as required by ib umem odp map dma and lock(). This may trigger a dead lock when trying to lock the same mutex in the exit mmap()-> mmu notifier release()->mlx5 ib invalidate range() flow. The problem can be solved by using mmput async() instead, which will execute the exit mmap() flow in another task once the lock is available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

BDU:2024-06338

CVE-2022-48675

OESA-2024-2080

OPENSUSE-SU-2024_1644-1

OPENSUSE-SU-2024_1659-1

OPENSUSE-SU-2024_1663-1

OPENSUSE-SU-2024_2189-1

SUSE-SU-2024:1644-1

SUSE-SU-2024:1659-1

SUSE-SU-2024:1663-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2189-1

SUSE-SU-2025:0231-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2022-7440 · Linux+3 · Linux Kernel+3

CVE-2022-48675

Weakness Enumeration

Related Identifiers

Affected Products

References · 1248