PT-2024-8464 · Linux+2 · Linux Kernel+2
Published: 2022-07-26 · Updated: 2024-11-05
CVE-2022-48635
CVSS v3.1: 6.2 (Medium)
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.19.0-rc7
Description
The issue is related to an infinite loop in the dax_iomap_rw() function when the read() system call is invoked with a count of 0. This can cause a WARNING report and an infinite loop. The iomap_iter() function returns 1, leading to the infinite loop. The vulnerability can be exploited to cause a denial of service.

Technical details about exploitation include:
- The read() system call with a count of 0 triggers the issue.
- The iomap_iter() function returns 1, causing the infinite loop in dax_iomap_rw().
- The dax_iomap_rw() function is vulnerable due to its handling of the count variable.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the infinite loop in dax_iomap_rw().
As a temporary workaround, consider avoiding the use of the read() system call with a count of 0 until a patch is available.
Infinite Loop
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Os