CVE-2022-48714 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: bpf: Use VM_MAP instead of VM_ALLOC for ringbuf After commit 2fd3fb0be1d1 ("kasan, vmalloc: unpoison VM_ALLOC pages after mapping"), non-VM_ALLOC mappings will be marked as accessible in __get_vm_area_node() when KASAN is enabled. But now the flag for ringbuf area is VM_ALLOC, so KASAN will complain out-of-bound access after vmap() returns. Because the ringbuf area is created by mapping allocated pages, so use VM_MAP instead. After the change, info in /proc/vmallocinfo also changes from [start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmalloc user to [start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmap user

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/5e457aeab52a5947619e1f18047f4d2f3212b3eb
https://git.kernel.org/stable/c/6304a613a97d6dcd49b93fbad31e9f39d1e138d6
https://git.kernel.org/stable/c/b293dcc473d22a62dc6d78de2b15e4f49515db56
https://git.kernel.org/stable/c/d578933f6226d5419af9306746efa1c693cbaf9c
https://lore.kernel.org/linux-cve-announce/2024062054-CVE-2022-48714-726f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-48714
https://www.cve.org/CVERecord?id=CVE-2022-48714

History

Thu, 12 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-20T11:13:08.007Z

Updated: 2024-11-04T12:15:06.121Z

Reserved: 2024-06-20T11:09:39.050Z

Link: CVE-2022-48714

Vulnrichment

Updated: 2024-08-03T15:17:55.841Z

NVD

Status : Awaiting Analysis

Published: 2024-06-20T11:15:55.033

Modified: 2024-06-20T12:43:25.663

Link: CVE-2022-48714

Redhat

Severity : Low

Publid Date: 2024-06-20T00:00:00Z

Links: CVE-2022-48714 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48714", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-20T11:09:39.050Z", "datePublished": "2024-06-20T11:13:08.007Z", "dateUpdated": "2024-11-04T12:15:06.121Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:15:06.121Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use VM_MAP instead of VM_ALLOC for ringbuf\n\nAfter commit 2fd3fb0be1d1 (\"kasan, vmalloc: unpoison VM_ALLOC pages\nafter mapping\"), non-VM_ALLOC mappings will be marked as accessible\nin __get_vm_area_node() when KASAN is enabled. But now the flag for\nringbuf area is VM_ALLOC, so KASAN will complain out-of-bound access\nafter vmap() returns. Because the ringbuf area is created by mapping\nallocated pages, so use VM_MAP instead.\n\nAfter the change, info in /proc/vmallocinfo also changes from\n [start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmalloc user\nto\n [start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmap user"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/ringbuf.c"], "versions": [{"version": "457f44363a88", "lessThan": "6304a613a97d", "status": "affected", "versionType": "git"}, {"version": "457f44363a88", "lessThan": "5e457aeab52a", "status": "affected", "versionType": "git"}, {"version": "457f44363a88", "lessThan": "d578933f6226", "status": "affected", "versionType": "git"}, {"version": "457f44363a88", "lessThan": "b293dcc473d2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/ringbuf.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.99", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.22", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.8", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/6304a613a97d6dcd49b93fbad31e9f39d1e138d6"}, {"url": "https://git.kernel.org/stable/c/5e457aeab52a5947619e1f18047f4d2f3212b3eb"}, {"url": "https://git.kernel.org/stable/c/d578933f6226d5419af9306746efa1c693cbaf9c"}, {"url": "https://git.kernel.org/stable/c/b293dcc473d22a62dc6d78de2b15e4f49515db56"}], "title": "bpf: Use VM_MAP instead of VM_ALLOC for ringbuf", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.841Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6304a613a97d6dcd49b93fbad31e9f39d1e138d6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5e457aeab52a5947619e1f18047f4d2f3212b3eb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d578933f6226d5419af9306746efa1c693cbaf9c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b293dcc473d22a62dc6d78de2b15e4f49515db56", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48714", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:11:29.204417Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:50.097Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6304a613a97d6dcd49b93fbad31e9f39d1e138d6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5e457aeab52a5947619e1f18047f4d2f3212b3eb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d578933f6226d5419af9306746efa1c693cbaf9c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b293dcc473d22a62dc6d78de2b15e4f49515db56", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.841Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48714", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:11:29.204417Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:26.230Z"}}], "cna": {"title": "bpf: Use VM_MAP instead of VM_ALLOC for ringbuf", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "457f44363a88", "lessThan": "6304a613a97d", "versionType": "git"}, {"status": "affected", "version": "457f44363a88", "lessThan": "5e457aeab52a", "versionType": "git"}, {"status": "affected", "version": "457f44363a88", "lessThan": "d578933f6226", "versionType": "git"}, {"status": "affected", "version": "457f44363a88", "lessThan": "b293dcc473d2", "versionType": "git"}], "programFiles": ["kernel/bpf/ringbuf.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.8"}, {"status": "unaffected", "version": "0", "lessThan": "5.8", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.99", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.22", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.8", "versionType": "custom", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/bpf/ringbuf.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/6304a613a97d6dcd49b93fbad31e9f39d1e138d6"}, {"url": "https://git.kernel.org/stable/c/5e457aeab52a5947619e1f18047f4d2f3212b3eb"}, {"url": "https://git.kernel.org/stable/c/d578933f6226d5419af9306746efa1c693cbaf9c"}, {"url": "https://git.kernel.org/stable/c/b293dcc473d22a62dc6d78de2b15e4f49515db56"}], "x_generator": {"engine": "bippy-7d53e8ef8be4"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use VM_MAP instead of VM_ALLOC for ringbuf\n\nAfter commit 2fd3fb0be1d1 (\"kasan, vmalloc: unpoison VM_ALLOC pages\nafter mapping\"), non-VM_ALLOC mappings will be marked as accessible\nin __get_vm_area_node() when KASAN is enabled. But now the flag for\nringbuf area is VM_ALLOC, so KASAN will complain out-of-bound access\nafter vmap() returns. Because the ringbuf area is created by mapping\nallocated pages, so use VM_MAP instead.\n\nAfter the change, info in /proc/vmallocinfo also changes from\n [start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmalloc user\nto\n [start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmap user"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-06-20T11:13:55.864Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48714", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:50.097Z", "dateReserved": "2024-06-20T11:09:39.050Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-20T11:13:08.007Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use VM_MAP instead of VM_ALLOC for ringbuf\n\nAfter commit 2fd3fb0be1d1 (\"kasan, vmalloc: unpoison VM_ALLOC pages\nafter mapping\"), non-VM_ALLOC mappings will be marked as accessible\nin __get_vm_area_node() when KASAN is enabled. But now the flag for\nringbuf area is VM_ALLOC, so KASAN will complain out-of-bound access\nafter vmap() returns. Because the ringbuf area is created by mapping\nallocated pages, so use VM_MAP instead.\n\nAfter the change, info in /proc/vmallocinfo also changes from\n [start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmalloc user\nto\n [start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmap user"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: use VM_MAP en lugar de VM_ALLOC para ringbuf Despu\u00e9s del commit 2fd3fb0be1d1 (\"kasan, vmalloc: despoisone las p\u00e1ginas VM_ALLOC despu\u00e9s del mapeo\"), los mapeos que no sean VM_ALLOC se marcar\u00e1n como accesibles en __get_vm_area_node( ) cuando KASAN est\u00e1 habilitado. Pero ahora el indicador para el \u00e1rea ringbuf es VM_ALLOC, por lo que KASAN se quejar\u00e1 del acceso fuera de los l\u00edmites despu\u00e9s de que regrese vmap(). Debido a que el \u00e1rea ringbuf se crea asignando p\u00e1ginas asignadas, use VM_MAP en su lugar. Despu\u00e9s del cambio, la informaci\u00f3n en /proc/vmallocinfo tambi\u00e9n cambia de [inicio]-[fin] 24576 ringbuf_map_alloc+0x171/0x290 usuario vmalloc a [inicio]-[fin] 24576 ringbuf_map_alloc+0x171/0x290 usuario vmap"}], "id": "CVE-2022-48714", "lastModified": "2024-06-20T12:43:25.663", "metrics": {}, "published": "2024-06-20T11:15:55.033", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5e457aeab52a5947619e1f18047f4d2f3212b3eb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6304a613a97d6dcd49b93fbad31e9f39d1e138d6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b293dcc473d22a62dc6d78de2b15e4f49515db56"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d578933f6226d5419af9306746efa1c693cbaf9c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: bpf: Use VM_MAP instead of VM_ALLOC for ringbuf", "id": "2293288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293288"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbpf: Use VM_MAP instead of VM_ALLOC for ringbuf\nAfter commit 2fd3fb0be1d1 (\"kasan, vmalloc: unpoison VM_ALLOC pages\nafter mapping\"), non-VM_ALLOC mappings will be marked as accessible\nin __get_vm_area_node() when KASAN is enabled. But now the flag for\nringbuf area is VM_ALLOC, so KASAN will complain out-of-bound access\nafter vmap() returns. Because the ringbuf area is created by mapping\nallocated pages, so use VM_MAP instead.\nAfter the change, info in /proc/vmallocinfo also changes from\n[start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmalloc user\nto\n[start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmap user"], "name": "CVE-2022-48714", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48714\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48714\nhttps://lore.kernel.org/linux-cve-announce/2024062054-CVE-2022-48714-726f@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.10.99, kernel 5.15.22, kernel 5.16.8, kernel 5.17"}