{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-48781","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-20T11:09:39.068Z","datePublished":"2024-07-16T11:13:18.493Z","dateUpdated":"2025-05-04T08:23:00.968Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:23:00.968Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - get rid of alg_memory_allocated\n\nalg_memory_allocated does not seem to be really used.\n\nalg_proto does have a .memory_allocated field, but no\ncorresponding .sysctl_mem.\n\nThis means sk_has_account() returns true, but all sk_prot_mem_limits()\nusers will trigger a NULL dereference [1].\n\nTHis was not a problem until SO_RESERVE_MEM addition.\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 3591 Comm: syz-executor153 Not tainted 5.17.0-rc3-syzkaller-00316-gb81b1829e7e3 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:sk_prot_mem_limits include/net/sock.h:1523 [inline]\nRIP: 0010:sock_reserve_memory+0x1d7/0x330 net/core/sock.c:1000\nCode: 08 00 74 08 48 89 ef e8 27 20 bb f9 4c 03 7c 24 10 48 8b 6d 00 48 83 c5 08 48 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 ef e8 fb 1f bb f9 48 8b 6d 00 4c 89 ff 48\nRSP: 0018:ffffc90001f1fb68 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: ffff88814aabc000 RCX: dffffc0000000000\nRDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff90e18120\nRBP: 0000000000000008 R08: dffffc0000000000 R09: fffffbfff21c3025\nR10: fffffbfff21c3025 R11: 0000000000000000 R12: ffffffff8d109840\nR13: 0000000000001002 R14: 0000000000000001 R15: 0000000000000001\nFS:  0000555556e08300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc74416f130 CR3: 0000000073d9e000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n sock_setsockopt+0x14a9/0x3a30 net/core/sock.c:1446\n __sys_setsockopt+0x5af/0x980 net/socket.c:2176\n __do_sys_setsockopt net/socket.c:2191 [inline]\n __se_sys_setsockopt net/socket.c:2188 [inline]\n __x64_sys_setsockopt+0xb1/0xc0 net/socket.c:2188\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7fc7440fddc9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffe98f07968 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc7440fddc9\nRDX: 0000000000000049 RSI: 0000000000000001 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000000000004 R09: 00007ffe98f07990\nR10: 0000000020000000 R11: 0000000000000246 R12: 00007ffe98f0798c\nR13: 00007ffe98f079a0 R14: 00007ffe98f079e0 R15: 0000000000000000\n </TASK>\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:sk_prot_mem_limits include/net/sock.h:1523 [inline]\nRIP: 0010:sock_reserve_memory+0x1d7/0x330 net/core/sock.c:1000\nCode: 08 00 74 08 48 89 ef e8 27 20 bb f9 4c 03 7c 24 10 48 8b 6d 00 48 83 c5 08 48 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 ef e8 fb 1f bb f9 48 8b 6d 00 4c 89 ff 48\nRSP: 0018:ffffc90001f1fb68 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: ffff88814aabc000 RCX: dffffc0000000000\nRDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff90e18120\nRBP: 0000000000000008 R08: dffffc0000000000 R09: fffffbfff21c3025\nR10: fffffbfff21c3025 R11: 0000000000000000 R12: ffffffff8d109840\nR13: 0000000000001002 R14: 0000000000000001 R15: 0000000000000001\nFS:  0000555556e08300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc74416f130 CR3: 0000000073d9e000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["crypto/af_alg.c"],"versions":[{"version":"2bb2f5fb21b0486ff69b7b4a1fe03a760527d133","lessThan":"9d06f489b9e901580159e21fdc29f73df7ed08dc","status":"affected","versionType":"git"},{"version":"2bb2f5fb21b0486ff69b7b4a1fe03a760527d133","lessThan":"25206111512de994dfc914f5b2972a22aa904ef3","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["crypto/af_alg.c"],"versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","status":"unaffected","versionType":"semver"},{"version":"5.16.11","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.16.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/9d06f489b9e901580159e21fdc29f73df7ed08dc"},{"url":"https://git.kernel.org/stable/c/25206111512de994dfc914f5b2972a22aa904ef3"}],"title":"crypto: af_alg - get rid of alg_memory_allocated","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T15:25:01.519Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/9d06f489b9e901580159e21fdc29f73df7ed08dc","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/25206111512de994dfc914f5b2972a22aa904ef3","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2022-48781","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:00:17.811714Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:17.040Z"}}]}}