CVE-2022-48745 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use del_timer_sync in fw reset flow of halting poll Substitute del_timer() with del_timer_sync() in fw reset polling deactivation flow, in order to prevent a race condition which occurs when del_timer() is called and timer is deactivated while another process is handling the timer interrupt. A situation that led to the following call trace: RIP: 0010:run_timer_softirq+0x137/0x420 <IRQ> recalibrate_cpu_khz+0x10/0x10 ktime_get+0x3e/0xa0 ? sched_clock_cpu+0xb/0xc0 __do_softirq+0xf5/0x2ea irq_exit_rcu+0xc1/0xf0 sysvec_apic_timer_interrupt+0x9e/0xc0 asm_sysvec_apic_timer_interrupt+0x12/0x20 </IRQ>

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/2a038dd1d942f8fbc495c58fa592ff24af05f1c2
https://git.kernel.org/stable/c/3c5193a87b0fea090aa3f769d020337662d87b5e
https://git.kernel.org/stable/c/502c37b033fab7cde3e95a570af4f073306be45e
https://git.kernel.org/stable/c/f895ebeb44d09d02674cfdd0cfc2bf687603918c
https://lore.kernel.org/linux-cve-announce/2024062004-CVE-2022-48745-7f0a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-48745
https://www.cve.org/CVERecord?id=CVE-2022-48745

History

Thu, 12 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-20T11:13:28.638Z

Updated: 2024-09-11T17:34:48.212Z

Reserved: 2024-06-20T11:09:39.055Z

Link: CVE-2022-48745

Vulnrichment

Updated: 2024-08-03T15:25:01.552Z

NVD

Status : Awaiting Analysis

Published: 2024-06-20T12:15:12.783

Modified: 2024-06-20T12:43:25.663

Link: CVE-2022-48745

Redhat

Severity : Low

Publid Date: 2024-06-20T00:00:00Z

Links: CVE-2022-48745 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48745", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-20T11:09:39.055Z", "datePublished": "2024-06-20T11:13:28.638Z", "dateUpdated": "2024-09-11T17:34:48.212Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-06-20T11:14:36.851Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Use del_timer_sync in fw reset flow of halting poll\n\nSubstitute del_timer() with del_timer_sync() in fw reset polling\ndeactivation flow, in order to prevent a race condition which occurs\nwhen del_timer() is called and timer is deactivated while another\nprocess is handling the timer interrupt. A situation that led to\nthe following call trace:\n\tRIP: 0010:run_timer_softirq+0x137/0x420\n\t<IRQ>\n\trecalibrate_cpu_khz+0x10/0x10\n\tktime_get+0x3e/0xa0\n\t? sched_clock_cpu+0xb/0xc0\n\t__do_softirq+0xf5/0x2ea\n\tirq_exit_rcu+0xc1/0xf0\n\tsysvec_apic_timer_interrupt+0x9e/0xc0\n\tasm_sysvec_apic_timer_interrupt+0x12/0x20\n\t</IRQ>"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c"], "versions": [{"version": "38b9f903f22b", "lessThan": "502c37b033fa", "status": "affected", "versionType": "git"}, {"version": "38b9f903f22b", "lessThan": "f895ebeb44d0", "status": "affected", "versionType": "git"}, {"version": "38b9f903f22b", "lessThan": "2a038dd1d942", "status": "affected", "versionType": "git"}, {"version": "38b9f903f22b", "lessThan": "3c5193a87b0f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.97", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.20", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16.6", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/502c37b033fab7cde3e95a570af4f073306be45e"}, {"url": "https://git.kernel.org/stable/c/f895ebeb44d09d02674cfdd0cfc2bf687603918c"}, {"url": "https://git.kernel.org/stable/c/2a038dd1d942f8fbc495c58fa592ff24af05f1c2"}, {"url": "https://git.kernel.org/stable/c/3c5193a87b0fea090aa3f769d020337662d87b5e"}], "title": "net/mlx5: Use del_timer_sync in fw reset flow of halting poll", "x_generator": {"engine": "bippy-7d53e8ef8be4"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.552Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/502c37b033fab7cde3e95a570af4f073306be45e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f895ebeb44d09d02674cfdd0cfc2bf687603918c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2a038dd1d942f8fbc495c58fa592ff24af05f1c2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3c5193a87b0fea090aa3f769d020337662d87b5e", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48745", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:10:34.989904Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:48.212Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/502c37b033fab7cde3e95a570af4f073306be45e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f895ebeb44d09d02674cfdd0cfc2bf687603918c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2a038dd1d942f8fbc495c58fa592ff24af05f1c2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3c5193a87b0fea090aa3f769d020337662d87b5e", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.552Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48745", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:10:34.989904Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:25.989Z"}}], "cna": {"title": "net/mlx5: Use del_timer_sync in fw reset flow of halting poll", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "38b9f903f22b", "lessThan": "502c37b033fa", "versionType": "git"}, {"status": "affected", "version": "38b9f903f22b", "lessThan": "f895ebeb44d0", "versionType": "git"}, {"status": "affected", "version": "38b9f903f22b", "lessThan": "2a038dd1d942", "versionType": "git"}, {"status": "affected", "version": "38b9f903f22b", "lessThan": "3c5193a87b0f", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.97", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.20", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.6", "versionType": "custom", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/502c37b033fab7cde3e95a570af4f073306be45e"}, {"url": "https://git.kernel.org/stable/c/f895ebeb44d09d02674cfdd0cfc2bf687603918c"}, {"url": "https://git.kernel.org/stable/c/2a038dd1d942f8fbc495c58fa592ff24af05f1c2"}, {"url": "https://git.kernel.org/stable/c/3c5193a87b0fea090aa3f769d020337662d87b5e"}], "x_generator": {"engine": "bippy-7d53e8ef8be4"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Use del_timer_sync in fw reset flow of halting poll\n\nSubstitute del_timer() with del_timer_sync() in fw reset polling\ndeactivation flow, in order to prevent a race condition which occurs\nwhen del_timer() is called and timer is deactivated while another\nprocess is handling the timer interrupt. A situation that led to\nthe following call trace:\n\tRIP: 0010:run_timer_softirq+0x137/0x420\n\t<IRQ>\n\trecalibrate_cpu_khz+0x10/0x10\n\tktime_get+0x3e/0xa0\n\t? sched_clock_cpu+0xb/0xc0\n\t__do_softirq+0xf5/0x2ea\n\tirq_exit_rcu+0xc1/0xf0\n\tsysvec_apic_timer_interrupt+0x9e/0xc0\n\tasm_sysvec_apic_timer_interrupt+0x12/0x20\n\t</IRQ>"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-06-20T11:14:36.851Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48745", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:48.212Z", "dateReserved": "2024-06-20T11:09:39.055Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-20T11:13:28.638Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Use del_timer_sync in fw reset flow of halting poll\n\nSubstitute del_timer() with del_timer_sync() in fw reset polling\ndeactivation flow, in order to prevent a race condition which occurs\nwhen del_timer() is called and timer is deactivated while another\nprocess is handling the timer interrupt. A situation that led to\nthe following call trace:\n\tRIP: 0010:run_timer_softirq+0x137/0x420\n\t<IRQ>\n\trecalibrate_cpu_khz+0x10/0x10\n\tktime_get+0x3e/0xa0\n\t? sched_clock_cpu+0xb/0xc0\n\t__do_softirq+0xf5/0x2ea\n\tirq_exit_rcu+0xc1/0xf0\n\tsysvec_apic_timer_interrupt+0x9e/0xc0\n\tasm_sysvec_apic_timer_interrupt+0x12/0x20\n\t</IRQ>"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: Utilice del_timer_sync en el flujo de desactivaci\u00f3n del sondeo de reinicio de fw. Sustituya del_timer() por del_timer_sync() en el flujo de desactivaci\u00f3n del sondeo de reinicio de fw, para evitar una condici\u00f3n de ejecuci\u00f3n que se produce cuando se llama a del_timer() y el temporizador se desactiva mientras otro proceso maneja la interrupci\u00f3n del temporizador. Una situaci\u00f3n que llev\u00f3 al siguiente seguimiento de llamadas: RIP: 0010:run_timer_softirq+0x137/0x420 recalibrate_cpu_khz+0x10/0x10 ktime_get+0x3e/0xa0 ? sched_clock_cpu+0xb/0xc0 __do_softirq+0xf5/0x2ea irq_exit_rcu+0xc1/0xf0 sysvec_apic_timer_interrupt+0x9e/0xc0 asm_sysvec_apic_timer_interrupt+0x12/0x20 "}], "id": "CVE-2022-48745", "lastModified": "2024-06-20T12:43:25.663", "metrics": {}, "published": "2024-06-20T12:15:12.783", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2a038dd1d942f8fbc495c58fa592ff24af05f1c2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3c5193a87b0fea090aa3f769d020337662d87b5e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/502c37b033fab7cde3e95a570af4f073306be45e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f895ebeb44d09d02674cfdd0cfc2bf687603918c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net/mlx5: Use del_timer_sync in fw reset flow of halting poll", "id": "2293314", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293314"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet/mlx5: Use del_timer_sync in fw reset flow of halting poll\nSubstitute del_timer() with del_timer_sync() in fw reset polling\ndeactivation flow, in order to prevent a race condition which occurs\nwhen del_timer() is called and timer is deactivated while another\nprocess is handling the timer interrupt. A situation that led to\nthe following call trace:\nRIP: 0010:run_timer_softirq+0x137/0x420\n<IRQ>\nrecalibrate_cpu_khz+0x10/0x10\nktime_get+0x3e/0xa0\n? sched_clock_cpu+0xb/0xc0\n__do_softirq+0xf5/0x2ea\nirq_exit_rcu+0xc1/0xf0\nsysvec_apic_timer_interrupt+0x9e/0xc0\nasm_sysvec_apic_timer_interrupt+0x12/0x20\n</IRQ>"], "name": "CVE-2022-48745", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48745\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48745\nhttps://lore.kernel.org/linux-cve-announce/2024062004-CVE-2022-48745-7f0a@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.10.97, kernel 5.15.20, kernel 5.16.6, kernel 5.17"}