PT-2025-8390 · Linux+1 · Linux Kernel+1
Syzbot
·
Published
2022-05-19
·
Updated
2025-02-28
·
CVE-2022-49456
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.18.0-rc5-syzkaller-01392-g01f4685797a5
Description
A vulnerability in the Linux kernel has been resolved. The issue was related to the removal of the rcu read lock in the bond ethtool get ts info() function, which could be called via setsockopt without holding the rcu lock. This vulnerability was identified by syzbot and is related to the bonding driver. The vulnerability could potentially cause issues with the bonding driver when removing the rcu read lock.
Recommendations
For Linux kernel versions prior to 5.18.0-rc5-syzkaller-01392-g01f4685797a5, apply the fix by adding rcu read lock and taking a reference on the real dev in the bond ethtool get ts info() function.
Exploit
Fix
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel