-

CVE-2022-50265

In the Linux kernel, the following vulnerability has been resolved:

kcm: annotate data-races around kcm->rx_wait

kcm->rx_psock can be read locklessly in kcm_rfree().
Annotate the read and writes accordingly.

syzbot reported:

BUG: KCSAN: data-race in kcm_rcv_strparser / kcm_rfree

write to 0xffff88810784e3d0 of 1 bytes by task 1823 on cpu 1:
reserve_rx_kcm net/kcm/kcmsock.c:283 [inline]
kcm_rcv_strparser+0x250/0x3a0 net/kcm/kcmsock.c:363
__strp_recv+0x64c/0xd20 net/strparser/strparser.c:301
strp_recv+0x6d/0x80 net/strparser/strparser.c:335
tcp_read_sock+0x13e/0x5a0 net/ipv4/tcp.c:1703
strp_read_sock net/strparser/strparser.c:358 [inline]
do_strp_work net/strparser/strparser.c:406 [inline]
strp_work+0xe8/0x180 net/strparser/strparser.c:415
process_one_work+0x3d3/0x720 kernel/workqueue.c:2289
worker_thread+0x618/0xa70 kernel/workqueue.c:2436
kthread+0x1a9/0x1e0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306

read to 0xffff88810784e3d0 of 1 bytes by task 17869 on cpu 0:
kcm_rfree+0x121/0x220 net/kcm/kcmsock.c:181
skb_release_head_state+0x8e/0x160 net/core/skbuff.c:841
skb_release_all net/core/skbuff.c:852 [inline]
__kfree_skb net/core/skbuff.c:868 [inline]
kfree_skb_reason+0x5c/0x260 net/core/skbuff.c:891
kfree_skb include/linux/skbuff.h:1216 [inline]
kcm_recvmsg+0x226/0x2b0 net/kcm/kcmsock.c:1161
____sys_recvmsg+0x16c/0x2e0
___sys_recvmsg net/socket.c:2743 [inline]
do_recvmmsg+0x2f1/0x710 net/socket.c:2837
__sys_recvmmsg net/socket.c:2916 [inline]
__do_sys_recvmmsg net/socket.c:2939 [inline]
__se_sys_recvmmsg net/socket.c:2932 [inline]
__x64_sys_recvmmsg+0xde/0x160 net/socket.c:2932
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

value changed: 0x01 -> 0x00

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 17869 Comm: syz-executor.2 Not tainted 6.1.0-rc1-syzkaller-00010-gbb1a1146467a-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < dbc3a0b917c4f75292b1c0819c188e40fd3c8924
Version ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
Status affected
Version < 9ae47f11493509cde707af8ecc7eee04c8b8e635
Version ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
Status affected
Version < f1f7122bb2ef056afc6f91ce4c35ab6df1207c8d
Version ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
Status affected
Version < 663682cd3192dd4f3547b7890a4391c72441001d
Version ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
Status affected
Version < e2a28807b1ceaa309164b92c38d73d12feea33df
Version ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
Status affected
Version < 62086d1c4602e4f2ec07b975165afc2ed0ff1be9
Version ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
Status affected
Version < 2733fb2ad5bfbe6538f2f93a21f2504e3dba9d6a
Version ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
Status affected
Version < 0c745b5141a45a076f1cb9772a399f7ebcb0948a
Version ab7ac4eb9832e32a09f4e8042705484d2fb0aad3
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 4.6
Status affected
Version < 4.6
Version 0
Status unaffected
Version <= 4.9.*
Version 4.9.332
Status unaffected
Version <= 4.14.*
Version 4.14.298
Status unaffected
Version <= 4.19.*
Version 4.19.264
Status unaffected
Version <= 5.4.*
Version 5.4.223
Status unaffected
Version <= 5.10.*
Version 5.10.153
Status unaffected
Version <= 5.15.*
Version 5.15.77
Status unaffected
Version <= 6.0.*
Version 6.0.7
Status unaffected
Version <= *
Version 6.1
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.078
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String