CVE-2022-48658
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48658
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48658.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-48658
- Downstream
- Related
- Published
- 2024-04-28T13:01:12Z
- Modified
- 2025-10-08T06:34:33.334779Z
- Summary
- mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
mm: slub: fix flushcpuslab()/_freeslab() invocations in task context.
Commit 5a836bf6b09f ("mm: slub: move flushcpuslab() invocations freeslab() invocations out of IRQ context") moved all flushcpuslab() invocations to the global workqueue to avoid a problem related with deactivateslab()/freeslab() being called from an IRQ context on PREEMPTRT kernels.
When the flushallcpulocked() function is called from a task context it may happen that a workqueue with WQMEM_RECLAIM bit set ends up flushing the global workqueue, this will cause a dependency issue.
workqueue: WQMEMRECLAIM nvme-delete-wq:nvmedeletectrlwork [nvmecore] is flushing !WQMEMRECLAIM events:flushcpuslab WARNING: CPU: 37 PID: 410 at kernel/workqueue.c:2637 checkflushdependency+0x10a/0x120 Workqueue: nvme-delete-wq nvmedeletectrlwork [nvmecore] RIP: 0010:checkflushdependency+0x10a/0x120[ 453.262125] Call Trace: _flushwork.isra.0+0xbf/0x220 ? _queuework+0x1dc/0x420 flushallcpuslocked+0xfb/0x120 _kmemcacheshutdown+0x2b/0x320 kmemcachedestroy+0x49/0x100 biosetexit+0x143/0x190 blkreleasequeue+0xb9/0x100 kobjectcleanup+0x37/0x130 nvmefcctrlfree+0xc6/0x150 [nvmefc] nvmefreectrl+0x1ac/0x2b0 [nvme_core]
Fix this bug by creating a workqueue for the flush operation with the WQMEMRECLAIM bit set.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5a836bf6b09f99ead1b69457ff39ab3011ece57bFixed61703b248be993eb4997b00ae5d3318e6d8f3c5b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5a836bf6b09f99ead1b69457ff39ab3011ece57bFixeddf6cb39335cf5a1b918e8dbd8ba7cd9f1d00e45a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5a836bf6b09f99ead1b69457ff39ab3011ece57bFixede45cc288724f0cfd497bb5920bcfa60caa335729
Affected versions
v5.*
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.10
v5.19.11
v5.19.2
v5.19.3
v5.19.4
v5.19.5
v5.19.6
v5.19.7
v5.19.8
v5.19.9
v6.*
v6.0-rc1
v6.0-rc2
Database specific
{
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "mm/slub.c",
"function": "kmem_cache_init_late"
},
"id": "CVE-2022-48658-00204e18",
"digest": {
"length": 28.0,
"function_hash": "243241260315654151173211410925035820757"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e45cc288724f0cfd497bb5920bcfa60caa335729"
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "mm/slub.c"
},
"id": "CVE-2022-48658-039c0fa6",
"digest": {
"threshold": 0.9,
"line_hashes": [
"250382171308800824080726518065099333706",
"333763053365780776552483567709413511368",
"170747052252694705551059237828894267341",
"99499583704414981458827291034119215822",
"178804029249720339835687356151012375199",
"268326903485970762318815958582025440970",
"146608216884342844463727609653006817472",
"52454041172996786681917457486076416447",
"71110407748499326351911455128710240440",
"134121158576941512602948640909564362568",
"184458165097729329433236209088862073825"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@61703b248be993eb4997b00ae5d3318e6d8f3c5b"
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "mm/slub.c",
"function": "kmem_cache_init_late"
},
"id": "CVE-2022-48658-4b009df9",
"digest": {
"length": 28.0,
"function_hash": "243241260315654151173211410925035820757"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@61703b248be993eb4997b00ae5d3318e6d8f3c5b"
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "mm/slub.c",
"function": "flush_all_cpus_locked"
},
"id": "CVE-2022-48658-5a991f57",
"digest": {
"length": 548.0,
"function_hash": "19966484360713691985485587976390776385"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e45cc288724f0cfd497bb5920bcfa60caa335729"
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "mm/slub.c"
},
"id": "CVE-2022-48658-7454325e",
"digest": {
"threshold": 0.9,
"line_hashes": [
"250382171308800824080726518065099333706",
"333763053365780776552483567709413511368",
"170747052252694705551059237828894267341",
"99499583704414981458827291034119215822",
"178804029249720339835687356151012375199",
"268326903485970762318815958582025440970",
"146608216884342844463727609653006817472",
"52454041172996786681917457486076416447",
"71110407748499326351911455128710240440",
"134121158576941512602948640909564362568",
"184458165097729329433236209088862073825"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@df6cb39335cf5a1b918e8dbd8ba7cd9f1d00e45a"
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "mm/slub.c"
},
"id": "CVE-2022-48658-b5cb4765",
"digest": {
"threshold": 0.9,
"line_hashes": [
"250382171308800824080726518065099333706",
"333763053365780776552483567709413511368",
"170747052252694705551059237828894267341",
"99499583704414981458827291034119215822",
"178804029249720339835687356151012375199",
"268326903485970762318815958582025440970",
"146608216884342844463727609653006817472",
"52454041172996786681917457486076416447",
"71110407748499326351911455128710240440",
"134121158576941512602948640909564362568",
"184458165097729329433236209088862073825"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e45cc288724f0cfd497bb5920bcfa60caa335729"
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "mm/slub.c",
"function": "kmem_cache_init_late"
},
"id": "CVE-2022-48658-bc27f1ca",
"digest": {
"length": 28.0,
"function_hash": "243241260315654151173211410925035820757"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@df6cb39335cf5a1b918e8dbd8ba7cd9f1d00e45a"
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "mm/slub.c",
"function": "flush_all_cpus_locked"
},
"id": "CVE-2022-48658-bfbbe262",
"digest": {
"length": 548.0,
"function_hash": "19966484360713691985485587976390776385"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@61703b248be993eb4997b00ae5d3318e6d8f3c5b"
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "mm/slub.c",
"function": "flush_all_cpus_locked"
},
"id": "CVE-2022-48658-f33854d5",
"digest": {
"length": 548.0,
"function_hash": "19966484360713691985485587976390776385"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@df6cb39335cf5a1b918e8dbd8ba7cd9f1d00e45a"
}
]
}