Computer security experts: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2022-48974

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: fix using __this_cpu_add in preemptible

Currently in nf_conntrack_hash_check_insert(), when it fails in nf_ct_ext_valid_pre/post(), NF_CT_STAT_INC() will be called in the preemptible context, a call trace can be triggered:

    BUG: using __this_cpu_add() in preemptible [00000000] code: conntrack/1636
    caller is nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]
    Call Trace:
     dump_stack_lvl+0x33/0x46
     check_preemption_disabled+0xc3/0xf0
     nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]
     ctnetlink_create_conntrack+0x3cd/0x4e0 [nf_conntrack_netlink]
     ctnetlink_new_conntrack+0x1c0/0x450 [nf_conntrack_netlink]
     nfnetlink_rcv_msg+0x277/0x2f0 [nfnetlink]
     netlink_rcv_skb+0x50/0x100
     nfnetlink_rcv+0x65/0x144 [nfnetlink]
     netlink_unicast+0x1ae/0x290
     netlink_sendmsg+0x257/0x4f0
     sock_sendmsg+0x5f/0x70

This patch is to fix it by changing to use NF_CT_STAT_INC_ATOMIC() for nf_ct_ext_valid_pre/post() check in nf_conntrack_hash_check_insert(), as well as nf_ct_ext_valid_post() in __nf_conntrack_confirm().

Note that nf_ct_ext_valid_pre() check in __nf_conntrack_confirm() is safe to use NF_CT_STAT_INC(), as it's under local_bh_disable().

POC

Reference

No PoCs from references.

Github

- https://github.com/ARPSyndicate/cve-scores