cve-2022-49018
Vulnerability from cvelistv5
Published
2024-10-21 20:06
Modified
2024-12-19 08:12
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sleep in atomic at close time Matt reported a splat at msk close time: BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packetdrill preempt_count: 201, expected: 0 RCU nest depth: 0, expected: 0 4 locks held by packetdrill/155: #0: ffff888001536990 (&sb->s_type->i_mutex_key#6){+.+.}-{3:3}, at: __sock_release (net/socket.c:650) #1: ffff88800b498130 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close (net/mptcp/protocol.c:2973) #2: ffff88800b49a130 (sk_lock-AF_INET/1){+.+.}-{0:0}, at: __mptcp_close_ssk (net/mptcp/protocol.c:2363) #3: ffff88800b49a0b0 (slock-AF_INET){+...}-{2:2}, at: __lock_sock_fast (include/net/sock.h:1820) Preemption disabled at: 0x0 CPU: 1 PID: 155 Comm: packetdrill Not tainted 6.1.0-rc5 #365 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4)) __might_resched.cold (kernel/sched/core.c:9891) __mptcp_destroy_sock (include/linux/kernel.h:110) __mptcp_close (net/mptcp/protocol.c:2959) mptcp_subflow_queue_clean (include/net/sock.h:1777) __mptcp_close_ssk (net/mptcp/protocol.c:2363) mptcp_destroy_common (net/mptcp/protocol.c:3170) mptcp_destroy (include/net/sock.h:1495) __mptcp_destroy_sock (net/mptcp/protocol.c:2886) __mptcp_close (net/mptcp/protocol.c:2959) mptcp_close (net/mptcp/protocol.c:2974) inet_release (net/ipv4/af_inet.c:432) __sock_release (net/socket.c:651) sock_close (net/socket.c:1367) __fput (fs/file_table.c:320) task_work_run (kernel/task_work.c:181 (discriminator 1)) exit_to_user_mode_prepare (include/linux/resume_user_mode.h:49) syscall_exit_to_user_mode (kernel/entry/common.c:130) do_syscall_64 (arch/x86/entry/common.c:87) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) We can't call mptcp_close under the 'fast' socket lock variant, replace it with a sock_lock_nested() as the relevant code is already under the listening msk socket lock protection.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b4f166651d03b5484fa179817ba8ad4899a5a6acPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d8e6c5500dbf0f3e87aace90d4beba6ae928e866Patch
Impacted products
Vendor Product Version
Linux Linux Version: 30e51b923e436b631e8d5b77fa5e318c6b066dc7
Version: 30e51b923e436b631e8d5b77fa5e318c6b066dc7
 Create a notification for this product.
   Linux Linux Version: 6.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-49018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:12:58.392450Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:18:37.571Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/subflow.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d8e6c5500dbf0f3e87aace90d4beba6ae928e866",
              "status": "affected",
              "version": "30e51b923e436b631e8d5b77fa5e318c6b066dc7",
              "versionType": "git"
            },
            {
              "lessThan": "b4f166651d03b5484fa179817ba8ad4899a5a6ac",
              "status": "affected",
              "version": "30e51b923e436b631e8d5b77fa5e318c6b066dc7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/subflow.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix sleep in atomic at close time\n\nMatt reported a splat at msk close time:\n\n    BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877\n    in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packetdrill\n    preempt_count: 201, expected: 0\n    RCU nest depth: 0, expected: 0\n    4 locks held by packetdrill/155:\n    #0: ffff888001536990 (\u0026sb-\u003es_type-\u003ei_mutex_key#6){+.+.}-{3:3}, at: __sock_release (net/socket.c:650)\n    #1: ffff88800b498130 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close (net/mptcp/protocol.c:2973)\n    #2: ffff88800b49a130 (sk_lock-AF_INET/1){+.+.}-{0:0}, at: __mptcp_close_ssk (net/mptcp/protocol.c:2363)\n    #3: ffff88800b49a0b0 (slock-AF_INET){+...}-{2:2}, at: __lock_sock_fast (include/net/sock.h:1820)\n    Preemption disabled at:\n    0x0\n    CPU: 1 PID: 155 Comm: packetdrill Not tainted 6.1.0-rc5 #365\n    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n    Call Trace:\n    \u003cTASK\u003e\n    dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))\n    __might_resched.cold (kernel/sched/core.c:9891)\n    __mptcp_destroy_sock (include/linux/kernel.h:110)\n    __mptcp_close (net/mptcp/protocol.c:2959)\n    mptcp_subflow_queue_clean (include/net/sock.h:1777)\n    __mptcp_close_ssk (net/mptcp/protocol.c:2363)\n    mptcp_destroy_common (net/mptcp/protocol.c:3170)\n    mptcp_destroy (include/net/sock.h:1495)\n    __mptcp_destroy_sock (net/mptcp/protocol.c:2886)\n    __mptcp_close (net/mptcp/protocol.c:2959)\n    mptcp_close (net/mptcp/protocol.c:2974)\n    inet_release (net/ipv4/af_inet.c:432)\n    __sock_release (net/socket.c:651)\n    sock_close (net/socket.c:1367)\n    __fput (fs/file_table.c:320)\n    task_work_run (kernel/task_work.c:181 (discriminator 1))\n    exit_to_user_mode_prepare (include/linux/resume_user_mode.h:49)\n    syscall_exit_to_user_mode (kernel/entry/common.c:130)\n    do_syscall_64 (arch/x86/entry/common.c:87)\n    entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n\nWe can\u0027t call mptcp_close under the \u0027fast\u0027 socket lock variant, replace\nit with a sock_lock_nested() as the relevant code is already under the\nlistening msk socket lock protection."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:12:32.365Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d8e6c5500dbf0f3e87aace90d4beba6ae928e866"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4f166651d03b5484fa179817ba8ad4899a5a6ac"
        }
      ],
      "title": "mptcp: fix sleep in atomic at close time",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49018",
    "datePublished": "2024-10-21T20:06:26.627Z",
    "dateReserved": "2024-08-22T01:27:53.646Z",
    "dateUpdated": "2024-12-19T08:12:32.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49018\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-10-21T20:15:12.973\",\"lastModified\":\"2024-10-24T18:38:38.033\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmptcp: fix sleep in atomic at close time\\n\\nMatt reported a splat at msk close time:\\n\\n    BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877\\n    in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packetdrill\\n    preempt_count: 201, expected: 0\\n    RCU nest depth: 0, expected: 0\\n    4 locks held by packetdrill/155:\\n    #0: ffff888001536990 (\u0026sb-\u003es_type-\u003ei_mutex_key#6){+.+.}-{3:3}, at: __sock_release (net/socket.c:650)\\n    #1: ffff88800b498130 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close (net/mptcp/protocol.c:2973)\\n    #2: ffff88800b49a130 (sk_lock-AF_INET/1){+.+.}-{0:0}, at: __mptcp_close_ssk (net/mptcp/protocol.c:2363)\\n    #3: ffff88800b49a0b0 (slock-AF_INET){+...}-{2:2}, at: __lock_sock_fast (include/net/sock.h:1820)\\n    Preemption disabled at:\\n    0x0\\n    CPU: 1 PID: 155 Comm: packetdrill Not tainted 6.1.0-rc5 #365\\n    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\\n    Call Trace:\\n    \u003cTASK\u003e\\n    dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))\\n    __might_resched.cold (kernel/sched/core.c:9891)\\n    __mptcp_destroy_sock (include/linux/kernel.h:110)\\n    __mptcp_close (net/mptcp/protocol.c:2959)\\n    mptcp_subflow_queue_clean (include/net/sock.h:1777)\\n    __mptcp_close_ssk (net/mptcp/protocol.c:2363)\\n    mptcp_destroy_common (net/mptcp/protocol.c:3170)\\n    mptcp_destroy (include/net/sock.h:1495)\\n    __mptcp_destroy_sock (net/mptcp/protocol.c:2886)\\n    __mptcp_close (net/mptcp/protocol.c:2959)\\n    mptcp_close (net/mptcp/protocol.c:2974)\\n    inet_release (net/ipv4/af_inet.c:432)\\n    __sock_release (net/socket.c:651)\\n    sock_close (net/socket.c:1367)\\n    __fput (fs/file_table.c:320)\\n    task_work_run (kernel/task_work.c:181 (discriminator 1))\\n    exit_to_user_mode_prepare (include/linux/resume_user_mode.h:49)\\n    syscall_exit_to_user_mode (kernel/entry/common.c:130)\\n    do_syscall_64 (arch/x86/entry/common.c:87)\\n    entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\\n\\nWe can\u0027t call mptcp_close under the \u0027fast\u0027 socket lock variant, replace\\nit with a sock_lock_nested() as the relevant code is already under the\\nlistening msk socket lock protection.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: se corrige la suspensi\u00f3n en atomic en el momento del cierre Matt inform\u00f3 un splat en el momento del cierre de msk: ERROR: funci\u00f3n de suspensi\u00f3n llamada desde un contexto no v\u00e1lido en net/mptcp/protocol.c:2877 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packetdrill preempt_count: 201, expected: 0 Profundidad de anidaci\u00f3n de RCU: 0, expected: 0 4 bloqueos mantenidos por packetdrill/155: #0: ffff888001536990 (\u0026amp;sb-\u0026gt;s_type-\u0026gt;i_mutex_key#6){+.+.}-{3:3}, en: __sock_release (net/socket.c:650) #1: ffff88800b498130 (sk_lock-AF_INET){+.+.}-{0:0}, en: mptcp_close (net/mptcp/protocol.c:2973) #2: ffff88800b49a130 (sk_lock-AF_INET/1){+.+.}-{0:0}, en: __mptcp_close_ssk (net/mptcp/protocol.c:2363) #3: ffff88800b49a0b0 (slock-AF_INET){+...}-{2:2}, en: __lock_sock_fast (include/net/sock.h:1820) Preempci\u00f3n deshabilitada en: 0x0 CPU: 1 PID: 155 Comm: packetdrill No contaminado 6.1.0-rc5 #365 Nombre del hardware: QEMU PC est\u00e1ndar (i440FX + PIIX, 1996), BIOS 1.15.0-1 01/04/2014 Seguimiento de llamadas:  dump_stack_lvl (lib/dump_stack.c:107 (discriminador 4)) __might_resched.cold (kernel/sched/core.c:9891) __mptcp_destroy_sock (include/linux/kernel.h:110) __mptcp_close (net/mptcp/protocol.c:2959) mptcp_subflow_queue_clean (include/net/sock.h:1777) __mptcp_close_ssk (net/mptcp/protocol.c:2363) mptcp_destroy_common (net/mptcp/protocol.c:3170) mptcp_destroy (include/net/sock.h:1495) __mptcp_destroy_sock (net/mptcp/protocol.c:2886) __mptcp_close (net/mptcp/protocol.c:2959) mptcp_close (net/mptcp/protocol.c:2974) inet_release (net/ipv4/af_inet.c:432) __sock_release (net/socket.c:651) sock_close (net/socket.c:1367) __fput (fs/file_table.c:320) task_work_run (kernel/task_work.c:181 (discriminador 1)) salir_a_modo_usuario_preparar (include/linux/reanudar_modo_usuario.h:49) No podemos llamar a mptcp_close bajo la variante de bloqueo de socket \u0027r\u00e1pido\u0027, reempl\u00e1celo con sock_lock_nested() ya que el c\u00f3digo relevante ya est\u00e1 bajo la protecci\u00f3n de bloqueo de socket msk de escucha.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.19.14\",\"versionEndExcluding\":\"6.0\",\"matchCriteriaId\":\"D2B58E9C-FBF6-43D8-AB7E-A1076CD9AED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0\",\"versionEndExcluding\":\"6.0.12\",\"matchCriteriaId\":\"F513F5E9-B8E2-43FB-AA15-D6D48CA2B0E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7E331DA-1FB0-4DEC-91AC-7DA69D461C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F0B248-42CF-4AE6-A469-BB1BAE7F4705\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2422816-0C14-4B5E-A1E6-A9D776E5C49B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"35B26BE4-43A6-4A36-A7F6-5B3F572D9186\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FFFB0B3-930D-408A-91E2-BAE0C2715D80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"8535320E-A0DB-4277-800E-D0CE5BBA59E8\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/b4f166651d03b5484fa179817ba8ad4899a5a6ac\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d8e6c5500dbf0f3e87aace90d4beba6ae928e866\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-49018\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-22T13:12:58.392450Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-22T13:13:01.594Z\"}}], \"cna\": {\"title\": \"mptcp: fix sleep in atomic at close time\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"30e51b923e436b631e8d5b77fa5e318c6b066dc7\", \"lessThan\": \"d8e6c5500dbf0f3e87aace90d4beba6ae928e866\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"30e51b923e436b631e8d5b77fa5e318c6b066dc7\", \"lessThan\": \"b4f166651d03b5484fa179817ba8ad4899a5a6ac\", \"versionType\": \"git\"}], \"programFiles\": [\"net/mptcp/subflow.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.0\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.0.12\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/mptcp/subflow.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/d8e6c5500dbf0f3e87aace90d4beba6ae928e866\"}, {\"url\": \"https://git.kernel.org/stable/c/b4f166651d03b5484fa179817ba8ad4899a5a6ac\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmptcp: fix sleep in atomic at close time\\n\\nMatt reported a splat at msk close time:\\n\\n    BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877\\n    in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packetdrill\\n    preempt_count: 201, expected: 0\\n    RCU nest depth: 0, expected: 0\\n    4 locks held by packetdrill/155:\\n    #0: ffff888001536990 (\u0026sb-\u003es_type-\u003ei_mutex_key#6){+.+.}-{3:3}, at: __sock_release (net/socket.c:650)\\n    #1: ffff88800b498130 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close (net/mptcp/protocol.c:2973)\\n    #2: ffff88800b49a130 (sk_lock-AF_INET/1){+.+.}-{0:0}, at: __mptcp_close_ssk (net/mptcp/protocol.c:2363)\\n    #3: ffff88800b49a0b0 (slock-AF_INET){+...}-{2:2}, at: __lock_sock_fast (include/net/sock.h:1820)\\n    Preemption disabled at:\\n    0x0\\n    CPU: 1 PID: 155 Comm: packetdrill Not tainted 6.1.0-rc5 #365\\n    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\\n    Call Trace:\\n    \u003cTASK\u003e\\n    dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))\\n    __might_resched.cold (kernel/sched/core.c:9891)\\n    __mptcp_destroy_sock (include/linux/kernel.h:110)\\n    __mptcp_close (net/mptcp/protocol.c:2959)\\n    mptcp_subflow_queue_clean (include/net/sock.h:1777)\\n    __mptcp_close_ssk (net/mptcp/protocol.c:2363)\\n    mptcp_destroy_common (net/mptcp/protocol.c:3170)\\n    mptcp_destroy (include/net/sock.h:1495)\\n    __mptcp_destroy_sock (net/mptcp/protocol.c:2886)\\n    __mptcp_close (net/mptcp/protocol.c:2959)\\n    mptcp_close (net/mptcp/protocol.c:2974)\\n    inet_release (net/ipv4/af_inet.c:432)\\n    __sock_release (net/socket.c:651)\\n    sock_close (net/socket.c:1367)\\n    __fput (fs/file_table.c:320)\\n    task_work_run (kernel/task_work.c:181 (discriminator 1))\\n    exit_to_user_mode_prepare (include/linux/resume_user_mode.h:49)\\n    syscall_exit_to_user_mode (kernel/entry/common.c:130)\\n    do_syscall_64 (arch/x86/entry/common.c:87)\\n    entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\\n\\nWe can\u0027t call mptcp_close under the \u0027fast\u0027 socket lock variant, replace\\nit with a sock_lock_nested() as the relevant code is already under the\\nlistening msk socket lock protection.\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-12-19T08:12:32.365Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-49018\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-19T08:12:32.365Z\", \"dateReserved\": \"2024-08-22T01:27:53.646Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-10-21T20:06:26.627Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.