AZL-51327

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51327.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-51327

Upstream

CVE-2022-48976

Published

2024-10-21T20:15:09Z

Modified

2026-04-01T05:20:44.882099Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2022-48976 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable_offload: fix using __thiscpuadd in preemptible

flowoffloadqueuework() can be called in workqueue without bh disabled, like the call trace showed in my actct testing, calling NFFLOWTABLESTATINC() there would cause a call trace:

BUG: using _thiscpuadd() in preemptible [00000000] code: kworker/u4:0/138560 caller is flowoffloadqueuework+0xec/0x1b0 [nfflowtable] Workqueue: actctworkqueue tcfctflowtablecleanupwork [actct] Call Trace: <TASK> dumpstacklvl+0x33/0x46 checkpreemptiondisabled+0xc3/0xf0 flowoffloadqueuework+0xec/0x1b0 [nfflowtable] nfflowtableiterate+0x138/0x170 [nfflowtable] nfflowtablefree+0x140/0x1a0 [nfflowtable] tcfctflowtablecleanupwork+0x2f/0x2b0 [actct] processonework+0x6a3/0x1030 workerthread+0x8a/0xdf0

This patch fixes it by using NFFLOWTABLESTATINCATOMIC() instead in flowoffloadqueuework().

Note that for FLOWCLSREPLACE branch in flowoffloadqueuework(), it may not be called in preemptible path, but it's good to use NFFLOWTABLESTATINCATOMIC() for all cases in flowoffloadqueue_work().

References

https://nvd.nist.gov/vuln/detail/CVE-2022-48976

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51327.json"