CVE-2022-49957

Summary

In the Linux kernel, the following vulnerability has been resolved:

kcm: fix strp_init() order and cleanup

strp_init() is called just a few lines above this csk->sk_user_data check, it also initializes strp->work etc., therefore, it is unnecessary to call strp_done() to cancel the freshly initialized work.

And if sk_user_data is already used by KCM, psock->strp should not be touched, particularly strp->work state, so we need to move strp_init() after the csk->sk_user_data check.

This also makes a lockdep warning reported by syzbot go away.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux44890e9ff771ef11777b2d1ebf8589255eb12502 < 473f394953216614087f4179e55cdf0cf616a13baffected
LinuxLinuxe5571240236c5652f3e079b1d5866716a7ad819c < a8a0c321319ad64a5427d6172cd9c23b4d6ca1e8affected
LinuxLinuxe5571240236c5652f3e079b1d5866716a7ad819c < 0946ff31d1a8778787bf6708beb20f38715267ccaffected
LinuxLinuxe5571240236c5652f3e079b1d5866716a7ad819c < 1b6666964ca1de93a7bf06e122bcf3616dbd33a9affected
LinuxLinuxe5571240236c5652f3e079b1d5866716a7ad819c < 55fb8c3baa8071c5d533a9ad48624e44e2a04ef5affected
LinuxLinuxe5571240236c5652f3e079b1d5866716a7ad819c < f865976baa85915c7672f351b74d5974b93215f6affected
LinuxLinuxe5571240236c5652f3e079b1d5866716a7ad819c < 8fc29ff3910f3af08a7c40a75d436b5720efe2bfaffected
LinuxLinux085cbbda4b4cc7dd2ba63806346881c2c2e10107affected
LinuxLinux383250363daf01eb7aa3728c09ef8a4f6d8a3252affected
LinuxLinux19042316b9e12c93bf334a04d4dd7a4e846c7311affected
LinuxLinux4.14.22 < 4.14.293affected
LinuxLinux4.9.84 < 4.10affected
LinuxLinux4.9.100 < 4.10affected
LinuxLinux4.15affected
LinuxLinux0 < 4.15unaffected
LinuxLinux4.14.293 <= 4.14.*unaffected
LinuxLinux4.19.258 <= 4.19.*unaffected
LinuxLinux5.4.213 <= 5.4.*unaffected
LinuxLinux5.10.142 <= 5.10.*unaffected
LinuxLinux5.15.66 <= 5.15.*unaffected
LinuxLinux5.19.8 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References