CVE-2022-48939

bpf: Add schedule points in batch ops

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

bpf: Add schedule points in batch ops

syzbot reported various soft lockups caused by bpf batch operations.

INFO: task kworker/1:1:27 blocked for more than 140 seconds.
INFO: task hung in rcu_barrier

Nothing prevents batch ops to process huge amount of data,
we need to add schedule points in them.

Note that maybe_wait_bpf_programs(map) calls from
generic_map_delete_batch() can be factorized by moving
the call after the loop.

This will be done later in -next tree once we get this fix merged,
unless there is strong opinion doing this optimization sooner.

*Credits: N/A

CVSS Scores

Red Hatv3.1 3.3

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-08-22 CVE Reserved
2024-08-22 CVE Published
2024-08-22 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-834: Excessive Iteration

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/aa2e93b8e58e18442edfb2427446732415bc215e	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7ef94bfb08fb9e73defafbd5ddef6b5a0e2ee12b	2022-03-02
https://git.kernel.org/stable/c/8628f489b749a4f9767991631921dbe3fbcdc784	2022-03-02
https://git.kernel.org/stable/c/7e8099967d0e3ff9d1ae043e80b27fbe46c08417	2022-03-02
https://git.kernel.org/stable/c/75134f16e7dd0007aa474b281935c5f42e79f2c8	2022-02-17

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-48939	2023-05-09
https://bugzilla.redhat.com/show_bug.cgi?id=2307195	2023-05-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.10.103 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.10.103"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.15.26 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.15.26"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.16.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.16.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.17"		en		Affected