CVE-2022-48780 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of clcsock will be saved and replaced during the fallback. But if the fallback happens more than once, then the copies of these callback functions will be overwritten incorrectly, resulting in a loop call issue: clcsk->sk_error_report |- smc_fback_error_report() <------------------------------| |- smc_fback_forward_wakeup() | (loop) |- clcsock_callback() (incorrectly overwritten) | |- smc->clcsk_error_report() ------------------| So this patch fixes the issue by saving these function pointers only once in the fallback and avoiding overwriting.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/1de9770d121ee9294794cca0e0be8fbfa0134ee8
https://git.kernel.org/stable/c/7de7ba7a8bd4fde0141de8674c13514d0072f0e6
https://git.kernel.org/stable/c/f00b6c976ae0dfbd9b891175f713f59095d23842
https://lore.kernel.org/linux-cve-announce/2024071632-CVE-2022-48780-0f27@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-48780
https://www.cve.org/CVERecord?id=CVE-2022-48780

History

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 26 Aug 2024 10:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-835

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-16T11:13:17.827Z

Updated: 2024-11-04T12:16:22.566Z

Reserved: 2024-06-20T11:09:39.067Z

Link: CVE-2022-48780

Vulnrichment

Updated: 2024-09-11T12:42:21.787Z

NVD

Status : Awaiting Analysis

Published: 2024-07-16T12:15:03.143

Modified: 2024-07-16T13:43:58.773

Link: CVE-2022-48780

Redhat

Severity : Moderate

Publid Date: 2024-07-16T00:00:00Z

Links: CVE-2022-48780 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48780", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-20T11:09:39.067Z", "datePublished": "2024-07-16T11:13:17.827Z", "dateUpdated": "2024-11-04T12:16:22.566Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:16:22.566Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Avoid overwriting the copies of clcsock callback functions\n\nThe callback functions of clcsock will be saved and replaced during\nthe fallback. But if the fallback happens more than once, then the\ncopies of these callback functions will be overwritten incorrectly,\nresulting in a loop call issue:\n\nclcsk->sk_error_report\n |- smc_fback_error_report() <------------------------------|\n |- smc_fback_forward_wakeup() | (loop)\n |- clcsock_callback() (incorrectly overwritten) |\n |- smc->clcsk_error_report() ------------------|\n\nSo this patch fixes the issue by saving these function pointers only\nonce in the fallback and avoiding overwriting."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/smc/af_smc.c"], "versions": [{"version": "0ef6049f6649", "lessThan": "7de7ba7a8bd4", "status": "affected", "versionType": "git"}, {"version": "504078fbe9dd", "lessThan": "f00b6c976ae0", "status": "affected", "versionType": "git"}, {"version": "341adeec9ada", "lessThan": "1de9770d121e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/smc/af_smc.c"], "versions": [{"version": "5.15.22", "lessThan": "5.15.25", "status": "affected", "versionType": "semver"}, {"version": "5.16.8", "lessThan": "5.16.11", "status": "affected", "versionType": "semver"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7de7ba7a8bd4fde0141de8674c13514d0072f0e6"}, {"url": "https://git.kernel.org/stable/c/f00b6c976ae0dfbd9b891175f713f59095d23842"}, {"url": "https://git.kernel.org/stable/c/1de9770d121ee9294794cca0e0be8fbfa0134ee8"}], "title": "net/smc: Avoid overwriting the copies of clcsock callback functions", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.873Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7de7ba7a8bd4fde0141de8674c13514d0072f0e6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f00b6c976ae0dfbd9b891175f713f59095d23842", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1de9770d121ee9294794cca0e0be8fbfa0134ee8", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48780", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:00:20.984147Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:17.145Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48780", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-20T11:09:39.067Z", "datePublished": "2024-07-16T11:13:17.827Z", "dateUpdated": "2024-08-03T15:25:01.873Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-16T11:13:17.827Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Avoid overwriting the copies of clcsock callback functions\n\nThe callback functions of clcsock will be saved and replaced during\nthe fallback. But if the fallback happens more than once, then the\ncopies of these callback functions will be overwritten incorrectly,\nresulting in a loop call issue:\n\nclcsk->sk_error_report\n |- smc_fback_error_report() <------------------------------|\n |- smc_fback_forward_wakeup() | (loop)\n |- clcsock_callback() (incorrectly overwritten) |\n |- smc->clcsk_error_report() ------------------|\n\nSo this patch fixes the issue by saving these function pointers only\nonce in the fallback and avoiding overwriting."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/smc/af_smc.c"], "versions": [{"version": "0ef6049f6649", "lessThan": "7de7ba7a8bd4", "status": "affected", "versionType": "git"}, {"version": "504078fbe9dd", "lessThan": "f00b6c976ae0", "status": "affected", "versionType": "git"}, {"version": "341adeec9ada", "lessThan": "1de9770d121e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/smc/af_smc.c"], "versions": [{"version": "5.15.22", "lessThan": "5.15.25", "status": "affected", "versionType": "custom"}, {"version": "5.16.8", "lessThan": "5.16.11", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7de7ba7a8bd4fde0141de8674c13514d0072f0e6"}, {"url": "https://git.kernel.org/stable/c/f00b6c976ae0dfbd9b891175f713f59095d23842"}, {"url": "https://git.kernel.org/stable/c/1de9770d121ee9294794cca0e0be8fbfa0134ee8"}], "title": "net/smc: Avoid overwriting the copies of clcsock callback functions", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48780", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:00:20.984147Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:21.787Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Avoid overwriting the copies of clcsock callback functions\n\nThe callback functions of clcsock will be saved and replaced during\nthe fallback. But if the fallback happens more than once, then the\ncopies of these callback functions will be overwritten incorrectly,\nresulting in a loop call issue:\n\nclcsk->sk_error_report\n |- smc_fback_error_report() <------------------------------|\n |- smc_fback_forward_wakeup() | (loop)\n |- clcsock_callback() (incorrectly overwritten) |\n |- smc->clcsk_error_report() ------------------|\n\nSo this patch fixes the issue by saving these function pointers only\nonce in the fallback and avoiding overwriting."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: evite sobrescribir las copias de las funciones de devoluci\u00f3n de llamada de clcsock. Las funciones de devoluci\u00f3n de llamada de clcsock se guardar\u00e1n y reemplazar\u00e1n durante la reserva. Pero si el retroceso ocurre m\u00e1s de una vez, las copias de estas funciones de devoluci\u00f3n de llamada se sobrescribir\u00e1n incorrectamente, lo que provocar\u00e1 un problema de llamada en bucle: clcsk->sk_error_report |- smc_fback_error_report() <------------ ------------------| |- smc_fback_forward_wakeup() | (bucle) |- clcsock_callback() (sobrescrito incorrectamente) | |- smc->clcsk_error_report() ------------------| Por lo tanto, este parche soluciona el problema al guardar estos punteros de funci\u00f3n solo una vez en el respaldo y evitar la sobrescritura."}], "id": "CVE-2022-48780", "lastModified": "2024-07-16T13:43:58.773", "metrics": {}, "published": "2024-07-16T12:15:03.143", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1de9770d121ee9294794cca0e0be8fbfa0134ee8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7de7ba7a8bd4fde0141de8674c13514d0072f0e6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f00b6c976ae0dfbd9b891175f713f59095d23842"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net/smc: Avoid overwriting the copies of clcsock callback functions", "id": "2298116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298116"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-835", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet/smc: Avoid overwriting the copies of clcsock callback functions\nThe callback functions of clcsock will be saved and replaced during\nthe fallback. But if the fallback happens more than once, then the\ncopies of these callback functions will be overwritten incorrectly,\nresulting in a loop call issue:\nclcsk->sk_error_report\n|- smc_fback_error_report() <------------------------------|\n|- smc_fback_forward_wakeup() | (loop)\n|- clcsock_callback() (incorrectly overwritten) |\n|- smc->clcsk_error_report() ------------------|\nSo this patch fixes the issue by saving these function pointers only\nonce in the fallback and avoiding overwriting."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48780", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48780\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48780\nhttps://lore.kernel.org/linux-cve-announce/2024071632-CVE-2022-48780-0f27@gregkh/T"], "statement": "Following issue marked as moderate with \"not affected or will not fix\" for Red Hat Enterprise Linux, as it is not vulnerable to this CVE. This is because the CVE does not impact the versions or configurations of the Linux kernel used in Red Hat's distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.25, kernel 5.16.11"}