CVE-2022-48638

Summary

In the Linux kernel, the following vulnerability has been resolved:

cgroup: cgroup_get_from_id() must check the looked-up kn is a directory

cgroup has to be one kernfs dir, otherwise kernel panic is caused, especially cgroup id is provide from userspace.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6b658c4863c15936872a93c9ee879043bf6393c9 < 8484a356cee8ce3d6a8e6266ff99be326e9273adaffected
LinuxLinux6b658c4863c15936872a93c9ee879043bf6393c9 < 1e9571887f97b17cf3ffe9aa4da89090ea60988baffected
LinuxLinux6b658c4863c15936872a93c9ee879043bf6393c9 < df02452f3df069a59bc9e69c84435bf115cb6e37affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.72 <= 5.15.*unaffected
LinuxLinux5.19.12 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References