{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48799", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-16T11:38:08.895Z", "datePublished": "2024-07-16T11:43:52.894Z", "dateUpdated": "2024-11-04T12:16:47.810Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:16:47.810Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix list corruption in perf_cgroup_switch()\n\nThere's list corruption on cgrp_cpuctx_list. This happens on the\nfollowing path:\n\n perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)\n cpu_ctx_sched_in\n ctx_sched_in\n ctx_pinned_sched_in\n merge_sched_in\n perf_cgroup_event_disable: remove the event from the list\n\nUse list_for_each_entry_safe() to allow removing an entry during\niteration."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/core.c"], "versions": [{"version": "058fe1c0440e", "lessThan": "5d76ed422340", "status": "affected", "versionType": "git"}, {"version": "058fe1c0440e", "lessThan": "30d9f3cbe47e", "status": "affected", "versionType": "git"}, {"version": "058fe1c0440e", "lessThan": "a2ed7b29d067", "status": "affected", "versionType": "git"}, {"version": "058fe1c0440e", "lessThan": "f6b5d51976fc", "status": "affected", "versionType": "git"}, {"version": "058fe1c0440e", "lessThan": "7969fe91c983", "status": "affected", "versionType": "git"}, {"version": "058fe1c0440e", "lessThan": "2142bc1469a3", "status": "affected", "versionType": "git"}, {"version": "058fe1c0440e", "lessThan": "5f4e5ce638e6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/core.c"], "versions": [{"version": "4.11", "status": "affected"}, {"version": "0", "lessThan": "4.11", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.267", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.230", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.180", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.101", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.24", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.10", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186"}, {"url": "https://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727"}, {"url": "https://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45"}, {"url": "https://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8"}, {"url": "https://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a"}, {"url": "https://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81"}, {"url": "https://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0"}], "title": "perf: Fix list corruption in perf_cgroup_switch()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.607Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48799", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:59:09.842596Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:14.602Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:25:01.607Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48799", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:59:09.842596Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:21.557Z"}}], "cna": {"title": "perf: Fix list corruption in perf_cgroup_switch()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "058fe1c0440e", "lessThan": "5d76ed422340", "versionType": "git"}, {"status": "affected", "version": "058fe1c0440e", "lessThan": "30d9f3cbe47e", "versionType": "git"}, {"status": "affected", "version": "058fe1c0440e", "lessThan": "a2ed7b29d067", "versionType": "git"}, {"status": "affected", "version": "058fe1c0440e", "lessThan": "f6b5d51976fc", "versionType": "git"}, {"status": "affected", "version": "058fe1c0440e", "lessThan": "7969fe91c983", "versionType": "git"}, {"status": "affected", "version": "058fe1c0440e", "lessThan": "2142bc1469a3", "versionType": "git"}, {"status": "affected", "version": "058fe1c0440e", "lessThan": "5f4e5ce638e6", "versionType": "git"}], "programFiles": ["kernel/events/core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.11"}, {"status": "unaffected", "version": "0", "lessThan": "4.11", "versionType": "semver"}, {"status": "unaffected", "version": "4.14.267", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.230", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.180", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.101", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.24", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16.10", "versionType": "semver", "lessThanOrEqual": "5.16.*"}, {"status": "unaffected", "version": "5.17", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/events/core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186"}, {"url": "https://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727"}, {"url": "https://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45"}, {"url": "https://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8"}, {"url": "https://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a"}, {"url": "https://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81"}, {"url": "https://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix list corruption in perf_cgroup_switch()\n\nThere's list corruption on cgrp_cpuctx_list. This happens on the\nfollowing path:\n\n perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)\n cpu_ctx_sched_in\n ctx_sched_in\n ctx_pinned_sched_in\n merge_sched_in\n perf_cgroup_event_disable: remove the event from the list\n\nUse list_for_each_entry_safe() to allow removing an entry during\niteration."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:16:47.810Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48799", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:16:47.810Z", "dateReserved": "2024-07-16T11:38:08.895Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-16T11:43:52.894Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix list corruption in perf_cgroup_switch()\n\nThere's list corruption on cgrp_cpuctx_list. This happens on the\nfollowing path:\n\n perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)\n cpu_ctx_sched_in\n ctx_sched_in\n ctx_pinned_sched_in\n merge_sched_in\n perf_cgroup_event_disable: remove the event from the list\n\nUse list_for_each_entry_safe() to allow removing an entry during\niteration."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf: corrige la corrupci\u00f3n de la lista en perf_cgroup_switch() Hay una lista corrupta en cgrp_cpuctx_list. Esto sucede en la siguiente ruta: perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list) cpu_ctx_sched_in ctx_sched_in ctx_pinned_sched_in merge_sched_in perf_cgroup_event_disable: eliminar el evento de la lista Utilice list_for_each_entry_safe() para permitir eliminar una entrada durante la iteraci\u00f3n."}], "id": "CVE-2022-48799", "lastModified": "2024-11-21T07:34:06.700", "metrics": {}, "published": "2024-07-16T12:15:04.490", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:6992", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "kernel-0:4.18.0-193.141.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6156", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "kernel-0:4.18.0-305.139.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6160", "cpe": "cpe:/a:redhat:rhel_tus:8.4::nfv", "package": "kernel-rt-0:4.18.0-305.139.1.rt7.215.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6156", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "kernel-0:4.18.0-305.139.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6156", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "kernel-0:4.18.0-305.139.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:5692", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.119.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-08-21T00:00:00Z"}, {"advisory": "RHSA-2024:5692", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.119.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-08-21T00:00:00Z"}, {"advisory": "RHSA-2024:5692", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.119.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-08-21T00:00:00Z"}, {"advisory": "RHSA-2024:6991", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "kernel-0:5.14.0-70.117.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6990", "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.117.1.rt21.189.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-09-24T00:00:00Z"}], "bugzilla": {"description": "kernel: perf: Fix list corruption in perf_cgroup_switch()", "id": "2298135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298135"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nperf: Fix list corruption in perf_cgroup_switch()\nThere's list corruption on cgrp_cpuctx_list. This happens on the\nfollowing path:\nperf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)\ncpu_ctx_sched_in\nctx_sched_in\nctx_pinned_sched_in\nmerge_sched_in\nperf_cgroup_event_disable: remove the event from the list\nUse list_for_each_entry_safe() to allow removing an entry during\niteration."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48799", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48799\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48799\nhttps://lore.kernel.org/linux-cve-announce/2024071643-CVE-2022-48799-9594@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.14.267, kernel 4.19.230, kernel 5.4.180, kernel 5.10.101, kernel 5.15.24, kernel 5.16.10, kernel 5.17"}