CVE-2022-49698

In the Linux kernel, the following vulnerability has been resolved:

netfilter: use getrandomu32 instead of prandom

bh might occur while updating per-cpu rndstate from user context, ie. localout path.

BUG: using smpprocessorid() in preemptible [00000000] code: nginx/2725 caller is nftngrandomeval+0x24/0x54 [nftnumgen] Call Trace: checkpreemptiondisabled+0xde/0xe0 nftngrandomeval+0x24/0x54 [nftnumgen]

Use the random driver instead, this also avoids need for local prandom state. Moreover, prandom now uses the random driver since d4150779e60f ("random32: use real rng for non-deterministic randomness").

Based on earlier patch from Pablo Neira.