PT-2022-7513 · Linux+4 · Linux Kernel+4

Ivan Vecera

Published

2022-03-10

Updated

2024-08-30

CVE-2022-48842

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition vulnerability in the Linux kernel's ice component can cause a dead-lock when an interface leaves and immediately rejoins a LAG. This occurs because the ice plug aux dev() function is called from the ice service task() context, creating an auxiliary device and taking the associated device lock, while the ice unplug aux dev() function, called by the notifier under RTNL lock, attempts to take the same lock, resulting in a dead-lock. The vulnerability can be exploited by an attacker to cause a denial-of-service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-667

Related Identifiers

BDU:2024-06690

CVE-2022-48842

OPENSUSE-SU-2024_2947-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

Affected Products

Astra Linux

Debian

Linux Kernel

Red Os

Suse

PT-2022-7513 · Linux+4 · Linux Kernel+4

CVE-2022-48842

Weakness Enumeration

Related Identifiers

Affected Products

References · 1231