CVE-2022-48799

Summary

In the Linux kernel, the following vulnerability has been resolved:

perf: Fix list corruption in perf_cgroup_switch()

There's list corruption on cgrp_cpuctx_list. This happens on the following path:

perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list) cpu_ctx_sched_in ctx_sched_in ctx_pinned_sched_in merge_sched_in perf_cgroup_event_disable: remove the event from the list

Use list_for_each_entry_safe() to allow removing an entry during iteration.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 < 5d76ed4223403f90421782adb2f20a9ecbc93186affected
LinuxLinux058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 < 30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727affected
LinuxLinux058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 < a2ed7b29d0673ba361546e2d87dbbed149456c45affected
LinuxLinux058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 < f6b5d51976fcefef5732da3e3feb3ccff680f7c8affected
LinuxLinux058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 < 7969fe91c9830e045901970e9d755b7505881d4aaffected
LinuxLinux058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 < 2142bc1469a316fddd10012d76428f7265258f81affected
LinuxLinux058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 < 5f4e5ce638e6a490b976ade4a40017b40abb2da0affected
LinuxLinux4.11affected
LinuxLinux0 < 4.11unaffected
LinuxLinux4.14.267 <= 4.14.*unaffected
LinuxLinux4.19.230 <= 4.19.*unaffected
LinuxLinux5.4.180 <= 5.4.*unaffected
LinuxLinux5.10.101 <= 5.10.*unaffected
LinuxLinux5.15.24 <= 5.15.*unaffected
LinuxLinux5.16.10 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References