CVE-2022-48660

gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully

When running gpio test on nxp-ls1028 platform with below command
gpiomon --num-events=3 --rising-edge gpiochip1 25
There will be a warning trace as below:
Call trace:
free_irq+0x204/0x360
lineevent_free+0x64/0x70
gpio_ioctl+0x598/0x6a0
__arm64_sys_ioctl+0xb4/0x100
invoke_syscall+0x5c/0x130
......
el0t_64_sync+0x1a0/0x1a4
The reason of this issue is that calling request_threaded_irq()
function failed, and then lineevent_free() is invoked to release
the resource. Since the lineevent_state::irq was already set, so
the subsequent invocation of free_irq() would trigger the above
warning call trace. To fix this issue, set the lineevent_state::irq
after the IRQ register successfully.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: gpiolib: cdev: configure lineevent_state::irq después del registro IRQ con éxito Al ejecutar la prueba gpio en la plataforma nxp-ls1028 con el siguiente comando gpiomon --num-events=3 --rising-edge gpiochip1 25 Habrá un seguimiento de advertencia como se muestra a continuación: Seguimiento de llamada: free_irq+0x204/0x360 lineevent_free+0x64/0x70 gpio_ioctl+0x598/0x6a0 __arm64_sys_ioctl+0xb4/0x100 invoke_syscall+0x5c/0x130 ...... 0x1a0/0x1a4 El motivo de este problema es que falló la llamada a la función request_threaded_irq() y luego se invoca lineevent_free() para liberar el recurso. Dado que lineevent_state::irq ya estaba configurado, la invocación posterior de free_irq() activaría el seguimiento de llamada de advertencia anterior. Para solucionar este problema, configure lineevent_state::irq después del registro IRQ correctamente.

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-04-28 CVE Published
2024-05-01 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/468242724143a8e732f82f664b1e77432d149618	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/657803b918e097e47d99d1489da83a603c36bcdd	2022-09-28
https://git.kernel.org/stable/c/97da736cd11ae73bdf2f5e21e24446b8349e0168	2022-09-28
https://git.kernel.org/stable/c/b1489043d3b9004dd8d5a0357b08b5f0e6691c43	2022-09-28
https://git.kernel.org/stable/c/69bef19d6b9700e96285f4b4e28691cda3dcd0d1	2022-09-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.10.146 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.10.146"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.15.71 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.15.71"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.19.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.19.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 6.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 6.0"		en		Affected