PT-2022-7490 · Linux+3 · Linux Kernel+3

Chenxiaosong

Published

2022-02-22

Updated

2024-09-27

CVE-2022-48931

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The vulnerability is related to a race condition in the configfs component of the Linux kernel. When configfs register subsystem() or configfs unregister subsystem() is executing link group() or unlink group(), it is possible that two processes add or delete list concurrently, leading to kernel panic. The issue arises from the incorrect synchronization of access to shared resources. To fix this, a mutex is added when calling link group() or unlink group(), but a special case is handled when the parent configfs subsystem is NULL for the root config item. A new mutex configfs subsystem mutex is created to address this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

BDU:2024-06636

CVE-2022-48931

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3408-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2024:3189-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3227-1

SUSE-SU-2024:3251-1

SUSE-SU-2024:3252-1

SUSE-SU-2024:3408-1

SUSE-SU-2024:3483-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2022-7490 · Linux+3 · Linux Kernel+3

CVE-2022-48931

Weakness Enumeration

Related Identifiers

Affected Products

References · 742