CVE-2022-48671
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48671
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48671.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48671
- Downstream
- Related
- Published
- 2024-05-03T14:50:23Z
- Modified
- 2025-10-15T16:24:30.199731Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
cgroup: Add missing cpusreadlock() to cgroupattachtask_all()
syzbot is hitting percpurwsemassertheld(&cpuhotpluglock) warning at cpusetattach() [1], for commit 4f7e7236435ca0ab ("cgroup: Fix threadgrouprwsem <-> cpusreadlock() deadlock") missed that cpusetattach() is also called from cgroupattachtaskall(). Add cpusreadlock() like what cgroupprocswritestart() does.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/07191f984842d50020789ff14c75da436a7f46a9
- https://git.kernel.org/stable/c/321488cfac7d0eb6d97de467015ff754f85813ff
- https://git.kernel.org/stable/c/43626dade36fa74d3329046f4ae2d7fdefe401c6
- https://git.kernel.org/stable/c/5db17805b6ba4c34dab303f49aea3562fc25af75
- https://git.kernel.org/stable/c/99bc25748e394d17f9e8b10cc7f273b8e64c1c7e
- https://git.kernel.org/stable/c/9f267393b036f1470fb12fb892d59e7ff8aeb58d
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede446300968c6bd25d9cd6c33b9600780a39b3975Fixed321488cfac7d0eb6d97de467015ff754f85813ff
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced59c6902a96b4439e07c25ef86a4593bea5481c3bFixed07191f984842d50020789ff14c75da436a7f46a9
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddee1e2b18cf5426eed985512ccc6636ec69dbdd6Fixed9f267393b036f1470fb12fb892d59e7ff8aeb58d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3bf4bf54069f9b62a54988e5d085023c17a66c90Fixed5db17805b6ba4c34dab303f49aea3562fc25af75
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc0deb027c99c099aa6b831e326bfba802b25e774Fixed99bc25748e394d17f9e8b10cc7f273b8e64c1c7e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4f7e7236435ca0abe005c674ebd6892c6e83aeb3Fixed43626dade36fa74d3329046f4ae2d7fdefe401c6
Database specific
vanir_signatures
[
{
"digest": {
"function_hash": "252306520383445713572297765986971473674",
"length": 473.0
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f267393b036f1470fb12fb892d59e7ff8aeb58d",
"signature_type": "Function",
"id": "CVE-2022-48671-ca23afe5",
"signature_version": "v1",
"target": {
"function": "cgroup_attach_task_all",
"file": "kernel/cgroup/cgroup-v1.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"303188937433754210024151070993501779506",
"305248952126220394430862485589678416269",
"323373086524899501686940646732207213329",
"94951747250617309421363145818797619955",
"270775309127768204922062638478545043809",
"138476793633101490292668424369299526043",
"248991778604469373638484093563749915013",
"327676054232727696654136748738821693674"
]
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f267393b036f1470fb12fb892d59e7ff8aeb58d",
"signature_type": "Line",
"id": "CVE-2022-48671-eb3260b5",
"signature_version": "v1",
"target": {
"file": "kernel/cgroup/cgroup-v1.c"
}
}
]