
THREATINT
PUBLISHED

CVE-2022-48976

netfilter: flowtable_offload: fix using __this_cpu_add in preemptible



Assigner: Linux
Reserved: 2024-08-22
Published: 2024-10-21
Updated: 2024-10-22

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable_offload: fix using __this_cpu_add in preemptible

flow_offload_queue_work() can be called in workqueue without bh disabled, like the call trace showed in my act_ct testing, calling NF_FLOW_TABLE_STAT_INC() there would cause a call trace:

  BUG: using __this_cpu_add() in preemptible [00000000] code: kworker/u4:0/138560
  caller is flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]
  Workqueue: act_ct_workqueue tcf_ct_flow_table_cleanup_work [act_ct]
  Call Trace:
   <TASK>
   dump_stack_lvl+0x33/0x46
   check_preemption_disabled+0xc3/0xf0
   flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]
   nf_flow_table_iterate+0x138/0x170 [nf_flow_table]
   nf_flow_table_free+0x140/0x1a0 [nf_flow_table]
   tcf_ct_flow_table_cleanup_work+0x2f/0x2b0 [act_ct]
   process_one_work+0x6a3/0x1030
   worker_thread+0x8a/0xdf0

This patch fixes it by using NF_FLOW_TABLE_STAT_INC_ATOMIC() instead in flow_offload_queue_work().

Note that for FLOW_CLS_REPLACE branch in flow_offload_queue_work(), it may not be called in preemptible path, but it's good to use NF_FLOW_TABLE_STAT_INC_ATOMIC() for all cases in flow_offload_queue_work().

Product status

Default status
unaffected

b038177636f8 before a220a11fda01
affected

b038177636f8 before a81047154e7c
affected

Default status
affected

6.0
affected

Any version before 6.0
unaffected

6.0.13
unaffected

6.1
unaffected

References

https://git.kernel.org/stable/c/a220a11fda012fba506b35929672374c2723ae6d

https://git.kernel.org/stable/c/a81047154e7ce4eb8769d5d21adcbc9693542a79

cve.org CVE-2022-48976

nvd.nist.gov CVE-2022-48976
