{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48931", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T06:06:23.299Z", "datePublished": "2024-08-22T03:31:24.823Z", "dateUpdated": "2024-12-19T08:10:45.358Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:10:45.358Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs: fix a race in configfs_{,un}register_subsystem()\n\nWhen configfs_register_subsystem() or configfs_unregister_subsystem()\nis executing link_group() or unlink_group(),\nit is possible that two processes add or delete list concurrently.\nSome unfortunate interleavings of them can cause kernel panic.\n\nOne of cases is:\nA --> B --> C --> D\nA <-- B <-- C <-- D\n\n delete list_head *B | delete list_head *C\n--------------------------------|-----------------------------------\nconfigfs_unregister_subsystem | configfs_unregister_subsystem\n unlink_group | unlink_group\n unlink_obj | unlink_obj\n list_del_init | list_del_init\n __list_del_entry | __list_del_entry\n __list_del | __list_del\n // next == C |\n next->prev = prev |\n | next->prev = prev\n prev->next = next |\n | // prev == B\n | prev->next = next\n\nFix this by adding mutex when calling link_group() or unlink_group(),\nbut parent configfs_subsystem is NULL when config_item is root.\nSo I create a mutex configfs_subsystem_mutex."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/configfs/dir.c"], "versions": [{"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa", "lessThan": "40805099af11f68c5ca7dbcfacf455da8f99f622", "status": "affected", "versionType": "git"}, {"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa", "lessThan": "d1654de19d42f513b6cfe955cc77e7f427e05a77", "status": "affected", "versionType": "git"}, {"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa", "lessThan": "a37024f7757c25550accdebf49e497ad6ae239fe", "status": "affected", "versionType": "git"}, {"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa", "lessThan": "b7e2b91fcb5c78c414e33dc8d50642e307ca0c5a", "status": "affected", "versionType": "git"}, {"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa", "lessThan": "a7ab53d3c27dfe83bb594456b9f38a37796ec39b", "status": "affected", "versionType": "git"}, {"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa", "lessThan": "e7a66dd2687758718eddd79b542a95cf3aa488cc", "status": "affected", "versionType": "git"}, {"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa", "lessThan": "3aadfd46858b1f64d4d6a0654b863e21aabff975", "status": "affected", "versionType": "git"}, {"version": "7063fbf2261194f72ee75afca67b3b38b554b5fa", "lessThan": "84ec758fb2daa236026506868c8796b0500c047d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/configfs/dir.c"], "versions": [{"version": "2.6.16", "status": "affected"}, {"version": "0", "lessThan": "2.6.16", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.304", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.269", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.232", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.182", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.103", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.26", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.12", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/40805099af11f68c5ca7dbcfacf455da8f99f622"}, {"url": "https://git.kernel.org/stable/c/d1654de19d42f513b6cfe955cc77e7f427e05a77"}, {"url": "https://git.kernel.org/stable/c/a37024f7757c25550accdebf49e497ad6ae239fe"}, {"url": "https://git.kernel.org/stable/c/b7e2b91fcb5c78c414e33dc8d50642e307ca0c5a"}, {"url": "https://git.kernel.org/stable/c/a7ab53d3c27dfe83bb594456b9f38a37796ec39b"}, {"url": "https://git.kernel.org/stable/c/e7a66dd2687758718eddd79b542a95cf3aa488cc"}, {"url": "https://git.kernel.org/stable/c/3aadfd46858b1f64d4d6a0654b863e21aabff975"}, {"url": "https://git.kernel.org/stable/c/84ec758fb2daa236026506868c8796b0500c047d"}], "title": "configfs: fix a race in configfs_{,un}register_subsystem()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48931", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:32:49.740795Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:10.278Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48931", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:32:49.740795Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:15.600Z"}}], "cna": {"title": "configfs: fix a race in configfs_{,un}register_subsystem()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "7063fbf22611", "lessThan": "40805099af11", "versionType": "git"}, {"status": "affected", "version": "7063fbf22611", "lessThan": "d1654de19d42", "versionType": "git"}, {"status": "affected", "version": "7063fbf22611", "lessThan": "a37024f7757c", "versionType": "git"}, {"status": "affected", "version": "7063fbf22611", "lessThan": "b7e2b91fcb5c", "versionType": "git"}, {"status": "affected", "version": "7063fbf22611", "lessThan": "a7ab53d3c27d", "versionType": "git"}, {"status": "affected", "version": "7063fbf22611", "lessThan": "e7a66dd26877", "versionType": "git"}, {"status": "affected", "version": "7063fbf22611", "lessThan": "3aadfd46858b", "versionType": "git"}, {"status": "affected", "version": "7063fbf22611", "lessThan": "84ec758fb2da", "versionType": "git"}], "programFiles": ["fs/configfs/dir.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.16"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.16", "versionType": "semver"}, {"status": "unaffected", "version": "4.9.304", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.269", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.232", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.182", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.103", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.26", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.12", "versionType": "semver", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/configfs/dir.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/40805099af11f68c5ca7dbcfacf455da8f99f622"}, {"url": "https://git.kernel.org/stable/c/d1654de19d42f513b6cfe955cc77e7f427e05a77"}, {"url": "https://git.kernel.org/stable/c/a37024f7757c25550accdebf49e497ad6ae239fe"}, {"url": "https://git.kernel.org/stable/c/b7e2b91fcb5c78c414e33dc8d50642e307ca0c5a"}, {"url": "https://git.kernel.org/stable/c/a7ab53d3c27dfe83bb594456b9f38a37796ec39b"}, {"url": "https://git.kernel.org/stable/c/e7a66dd2687758718eddd79b542a95cf3aa488cc"}, {"url": "https://git.kernel.org/stable/c/3aadfd46858b1f64d4d6a0654b863e21aabff975"}, {"url": "https://git.kernel.org/stable/c/84ec758fb2daa236026506868c8796b0500c047d"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs: fix a race in configfs_{,un}register_subsystem()\n\nWhen configfs_register_subsystem() or configfs_unregister_subsystem()\nis executing link_group() or unlink_group(),\nit is possible that two processes add or delete list concurrently.\nSome unfortunate interleavings of them can cause kernel panic.\n\nOne of cases is:\nA --> B --> C --> D\nA <-- B <-- C <-- D\n\n delete list_head *B | delete list_head *C\n--------------------------------|-----------------------------------\nconfigfs_unregister_subsystem | configfs_unregister_subsystem\n unlink_group | unlink_group\n unlink_obj | unlink_obj\n list_del_init | list_del_init\n __list_del_entry | __list_del_entry\n __list_del | __list_del\n // next == C |\n next->prev = prev |\n | next->prev = prev\n prev->next = next |\n | // prev == B\n | prev->next = next\n\nFix this by adding mutex when calling link_group() or unlink_group(),\nbut parent configfs_subsystem is NULL when config_item is root.\nSo I create a mutex configfs_subsystem_mutex."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:19:24.787Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48931", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:19:24.787Z", "dateReserved": "2024-08-21T06:06:23.299Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-22T03:31:24.823Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "21912390-FBA5-4A90-B649-77DB55849C77", "versionEndExcluding": "4.9.304", "versionStartIncluding": "2.6.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0F577D3-EFEA-42CF-80AA-905297529D7F", "versionEndExcluding": "4.14.269", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF11C6DC-8B9A-4A37-B1E6-33B68F5366ED", "versionEndExcluding": "4.19.232", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE74CED8-43BF-4060-9578-93A09735B4E2", "versionEndExcluding": "5.4.182", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A95B717-3110-4D4F-B8FC-373919BB514D", "versionEndExcluding": "5.10.103", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AB342AE-A62E-4947-A6EA-511453062B2B", "versionEndExcluding": "5.15.26", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C76BAB21-7F23-4AD8-A25F-CA7B262A2698", "versionEndExcluding": "5.16.12", "versionStartIncluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs: fix a race in configfs_{,un}register_subsystem()\n\nWhen configfs_register_subsystem() or configfs_unregister_subsystem()\nis executing link_group() or unlink_group(),\nit is possible that two processes add or delete list concurrently.\nSome unfortunate interleavings of them can cause kernel panic.\n\nOne of cases is:\nA --> B --> C --> D\nA <-- B <-- C <-- D\n\n delete list_head *B | delete list_head *C\n--------------------------------|-----------------------------------\nconfigfs_unregister_subsystem | configfs_unregister_subsystem\n unlink_group | unlink_group\n unlink_obj | unlink_obj\n list_del_init | list_del_init\n __list_del_entry | __list_del_entry\n __list_del | __list_del\n // next == C |\n next->prev = prev |\n | next->prev = prev\n prev->next = next |\n | // prev == B\n | prev->next = next\n\nFix this by adding mutex when calling link_group() or unlink_group(),\nbut parent configfs_subsystem is NULL when config_item is root.\nSo I create a mutex configfs_subsystem_mutex."}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: configfs: arregla una ejecuci\u00f3n en configfs_{,un}register_subsystem() Cuando configfs_register_subsystem() o configfs_unregister_subsystem() est\u00e1 ejecutando link_group() o unlink_group(), es posible que dos procesos agregar o eliminar la lista al mismo tiempo. Algunas intercalaciones desafortunadas de ellos pueden causar p\u00e1nico en el kernel. Uno de los casos es: A --&gt; B --&gt; C --&gt; DA &lt;-- B &lt;-- C &lt;-- D eliminar list_head *B | eliminar list_head *C --------------------------------|------------- ---------------------- configfs_unregister_subsystem | configfs_unregister_subsystem unlink_group | desvincular_grupo desvincular_obj | unlink_obj list_del_init | list_del_init __list_del_entry | __list_del_entry __list_del | __list_del // siguiente == C | siguiente-&gt;anterior = anterior | | siguiente-&gt;anterior = anterior anterior-&gt;siguiente = siguiente | | // anterior == B | prev-&gt;next = next Solucione esto agregando mutex al llamar a link_group() o unlink_group(), pero el configfs_subsystem principal es NULL cuando config_item es root. Entonces creo un mutex configfs_subsystem_mutex."}], "id": "CVE-2022-48931", "lastModified": "2024-08-23T01:54:11.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-08-22T04:15:16.010", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3aadfd46858b1f64d4d6a0654b863e21aabff975"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/40805099af11f68c5ca7dbcfacf455da8f99f622"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/84ec758fb2daa236026506868c8796b0500c047d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a37024f7757c25550accdebf49e497ad6ae239fe"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a7ab53d3c27dfe83bb594456b9f38a37796ec39b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b7e2b91fcb5c78c414e33dc8d50642e307ca0c5a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d1654de19d42f513b6cfe955cc77e7f427e05a77"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e7a66dd2687758718eddd79b542a95cf3aa488cc"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: configfs: fix a race in configfs_{,un}register_subsystem()", "id": "2307187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307187"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nconfigfs: fix a race in configfs_{,un}register_subsystem()\nWhen configfs_register_subsystem() or configfs_unregister_subsystem()\nis executing link_group() or unlink_group(),\nit is possible that two processes add or delete list concurrently.\nSome unfortunate interleavings of them can cause kernel panic.\nOne of cases is:\nA --> B --> C --> D\nA <-- B <-- C <-- D\ndelete list_head *B | delete list_head *C\n--------------------------------|-----------------------------------\nconfigfs_unregister_subsystem | configfs_unregister_subsystem\nunlink_group | unlink_group\nunlink_obj | unlink_obj\nlist_del_init | list_del_init\n__list_del_entry | __list_del_entry\n__list_del | __list_del\n// next == C |\nnext->prev = prev |\n| next->prev = prev\nprev->next = next |\n| // prev == B\n| prev->next = next\nFix this by adding mutex when calling link_group() or unlink_group(),\nbut parent configfs_subsystem is NULL when config_item is root.\nSo I create a mutex configfs_subsystem_mutex."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48931", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48931\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48931\nhttps://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48931-ec5b@gregkh/T"], "statement": "Following issue marked as moderate with \"not affected\" for Red Hat Enterprise Linux, as it is not vulnerable to this CVE. This is because the CVE does not impact the versions or configurations of the Linux kernel used in Red Hat's distributions. Additionally, some RHEL versions may be marked as \"will not fix\" due to the minimal impact of the issue, and no fix will be provided.", "threat_severity": "Moderate"}