CVE-2022-48638

cgroup: cgroup_get_from_id() must check the looked-up kn is a directory

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

cgroup: cgroup_get_from_id() must check the looked-up kn is a directory

cgroup has to be one kernfs dir, otherwise kernel panic is caused,
especially cgroup id is provide from userspace.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cgroup: cgroup_get_from_id() debe verificar que el kn buscado sea un directorio. cgroup tiene que ser un directorio kernfs; de lo contrario, se produce un pánico en el kernel, especialmente la identificación de cgroup se proporciona desde el espacio de usuario.

A flaw was found in the Linux kernel in which certain cgroup configurations could cause a kernel panic, resulting in a Denial of Service.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-04-28 CVE Published
2024-04-29 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-588: Attempt to Access Child of a Non-structure Pointer

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/6b658c4863c15936872a93c9ee879043bf6393c9	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8484a356cee8ce3d6a8e6266ff99be326e9273ad	2022-10-05
https://git.kernel.org/stable/c/1e9571887f97b17cf3ffe9aa4da89090ea60988b	2022-09-28
https://git.kernel.org/stable/c/df02452f3df069a59bc9e69c84435bf115cb6e37	2022-09-23

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-48638	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2277829	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.15.72 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15.72"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.19.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.19.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.0"		en		Affected