PT-2022-7497 · Linux+3 · Linux Kernel+3

Syzbot · Published 2022-02-15 · Updated 2024-09-27 · CVE-2022-48937

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Linux kernel version 5.17.0-smp-DEV #801

Description

The vulnerability is in the io_uring component of the Linux kernel. Looping approximately 65535 times doing kmalloc() calls can trigger soft lockups, especially with DEBUG features such as KASAN enabled. This issue can cause a denial of service.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for the io_uring vulnerability. Specifically, apply the patch that adds a schedule point in io_add_buffers() to prevent soft lockups.

Note: The provided information does not specify the exact version that includes the fix, so it is recommended to update to the latest available version of the Linux kernel.

Exploit

Fix

Weakness Enumeration

Improper Locking

Related Identifiers

BDU:2024-06654
CVE-2022-48937
OESA-2024-2109
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3408-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3227-1
SUSE-SU-2024:3408-1
SUSE-SU-2024:3483-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse