Bug 2120175 (CVE-2022-2938) - CVE-2022-2938 kernel: use-after-free when psi trigger is destroyed while being polled
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-2938
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2046396 2120199 2120456 2120457
Blocks: 2069818 2120313
Reported: 2022-08-22 04:08 UTC by Wade Mealing
Modified: 2024-03-15 06:09 UTC (History)

Fixed In Version: kernel 5.17
Clone Of:
Environment:
Last Closed: 2022-12-04 06:33:13 UTC
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2022:7444 | 0 | None | None | None | 2022-11-08 09:10:35 UTC
Red Hat Product Errata | RHSA-2022:7683 | 0 | None | None | None | 2022-11-08 10:10:27 UTC
Red Hat Product Errata | RHSA-2024:1188 | 0 | None | None | None | 2024-03-06 12:36:29 UTC

Description Wade Mealing 2022-08-22 04:08:20 UTC
A flaw was found in the Linux kernel's pressure stall information subsystem. A local attacker able to register a PSI trigger and wait using the poll() call can create a use-after-free issue and possibly cause other unknown side effects in kernel space.

The pressure stall subsystem is built with CONFIG_PSI_DEFAULT_DISABLED, which means it needs to be explicitly enabled with a kernel boot time parameter of 'psi=1'. Without this parameter the system is not affected.


Upstream:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848
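
An added example, not part of the original bug report or of Red Hat's tooling: a shell check of whether a host has PSI enabled, the precondition the description gives for being affected. The function names, the sample config and the accepted spellings of the psi= value are assumptions of this example.

```shell
#!/bin/sh
# psi_state CMDLINE CONFIG_TEXT
# Prints "not-built", "disabled" or "enabled" for a kernel build config and a
# boot command line. Hypothetical helper written for this example.
psi_state() {
    cmdline=$1
    config=$2
    # Without CONFIG_PSI=y the subsystem is not compiled in at all.
    printf '%s\n' "$config" | grep -q '^CONFIG_PSI=y$' || { echo not-built; return; }
    # Build-time default: CONFIG_PSI_DEFAULT_DISABLED=y leaves PSI off at boot.
    if printf '%s\n' "$config" | grep -q '^CONFIG_PSI_DEFAULT_DISABLED=y$'; then
        state=disabled
    else
        state=enabled
    fi
    # A psi= boot parameter overrides the default; a later one wins.
    # $cmdline is left unquoted on purpose so it splits on whitespace.
    for arg in $cmdline; do
        case $arg in
            psi=1|psi=y|psi=Y|psi=on)  state=enabled ;;
            psi=0|psi=n|psi=N|psi=off) state=disabled ;;
        esac
    done
    echo "$state"
}

# psi_live: state of the running kernel. Assumption of this example: reading
# /proc/pressure/cpu succeeds only while PSI accounting is active.
psi_live() {
    if cat /proc/pressure/cpu >/dev/null 2>&1; then
        echo enabled
    else
        echo disabled
    fi
}

# Constructed sample: a config as the description states it (PSI built in,
# disabled by default), evaluated with and without psi=1 on the command line.
SAMPLE_CONFIG='CONFIG_PSI=y
CONFIG_PSI_DEFAULT_DISABLED=y'
echo "no psi= parameter : $(psi_state 'ro quiet' "$SAMPLE_CONFIG")"
echo "booted with psi=1 : $(psi_state 'ro quiet psi=1' "$SAMPLE_CONFIG")"
echo "running kernel    : $(psi_live)"
```

A result of "enabled" matters only on a kernel that does not yet carry the fix; the errata listed on this page identify the fixed Red Hat builds.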

Comment 1 Wade Mealing 2022-08-22 07:02:27 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2120199]

Comment 4 Justin M. Forbes 2022-08-22 21:02:34 UTC
This was fixed for Fedora with the 5.15.19 stable kernel updates.

Comment 11 errata-xmlrpc 2022-11-08 09:10:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7444 https://access.redhat.com/errata/RHSA-2022:7444

Comment 12 errata-xmlrpc 2022-11-08 10:10:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7683 https://access.redhat.com/errata/RHSA-2022:7683

Comment 13 Product Security DevOps Team 2022-12-04 06:33:10 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2938

Comment 17 errata-xmlrpc 2024-03-06 12:36:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1188 https://access.redhat.com/errata/RHSA-2024:1188

