Back

CVE-2022-48939

Aug. 22, 2024, 7:02 p.m.

Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Linux kernel

linux_kernel

  • *

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-08-22
CVE-2022-48939
CWE-834

CVE-2022-48939 details

Published : Aug. 22, 2024, 4:15 a.m.
Last Modified : Aug. 22, 2024, 7:02 p.m.

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing prevents batch ops to process huge amount of data, we need to add schedule points in them. Note that maybe_wait_bpf_programs(map) calls from generic_map_delete_batch() can be factorized by moving the call after the loop. This will be done later in -next tree once we get this fix merged, unless there is strong opinion doing this optimization sooner.

CVSS Score

1 2 3.3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-834 Excessive Iteration The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

Base Score

3.3

Exploitability Score

1.8

Impact Score

1.4

Base Severity

LOW

Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References

URL Source
https://git.kernel.org/stable/c/75134f16e7dd0007aa474b281935c5f42e79f2c8 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/7e8099967d0e3ff9d1ae043e80b27fbe46c08417 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/7ef94bfb08fb9e73defafbd5ddef6b5a0e2ee12b 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/8628f489b749a4f9767991631921dbe3fbcdc784 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
This website uses the NVD API, but is not approved or certified by it.