{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-48974","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-08-22T01:27:53.631Z","datePublished":"2024-10-21T20:05:54.438Z","dateUpdated":"2025-05-04T08:27:13.712Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:27:13.712Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: fix using __this_cpu_add in preemptible\n\nCurrently in nf_conntrack_hash_check_insert(), when it fails in\nnf_ct_ext_valid_pre/post(), NF_CT_STAT_INC() will be called in the\npreemptible context, a call trace can be triggered:\n\n   BUG: using __this_cpu_add() in preemptible [00000000] code: conntrack/1636\n   caller is nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]\n   Call Trace:\n    <TASK>\n    dump_stack_lvl+0x33/0x46\n    check_preemption_disabled+0xc3/0xf0\n    nf_conntrack_hash_check_insert+0x45/0x430 [nf_conntrack]\n    ctnetlink_create_conntrack+0x3cd/0x4e0 [nf_conntrack_netlink]\n    ctnetlink_new_conntrack+0x1c0/0x450 [nf_conntrack_netlink]\n    nfnetlink_rcv_msg+0x277/0x2f0 [nfnetlink]\n    netlink_rcv_skb+0x50/0x100\n    nfnetlink_rcv+0x65/0x144 [nfnetlink]\n    netlink_unicast+0x1ae/0x290\n    netlink_sendmsg+0x257/0x4f0\n    sock_sendmsg+0x5f/0x70\n\nThis patch is to fix it by changing to use NF_CT_STAT_INC_ATOMIC() for\nnf_ct_ext_valid_pre/post() check in nf_conntrack_hash_check_insert(),\nas well as nf_ct_ext_valid_post() in __nf_conntrack_confirm().\n\nNote that nf_ct_ext_valid_pre() check in __nf_conntrack_confirm() is\nsafe to use NF_CT_STAT_INC(), as it's under local_bh_disable()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nf_conntrack_core.c"],"versions":[{"version":"c56716c69ce1ac320432fb1ea5654196ba24d2f8","lessThan":"d9bf1138a5db419db13bd9fcd3a7178d6bb20f7c","status":"affected","versionType":"git"},{"version":"c56716c69ce1ac320432fb1ea5654196ba24d2f8","lessThan":"9464d0b68f11a9bc768370c3260ec02b3550447b","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nf_conntrack_core.c"],"versions":[{"version":"5.19","status":"affected"},{"version":"0","lessThan":"5.19","status":"unaffected","versionType":"semver"},{"version":"6.0.13","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.0.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d9bf1138a5db419db13bd9fcd3a7178d6bb20f7c"},{"url":"https://git.kernel.org/stable/c/9464d0b68f11a9bc768370c3260ec02b3550447b"}],"title":"netfilter: conntrack: fix using __this_cpu_add in preemptible","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2022-48974","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-10-22T13:18:44.032188Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T13:28:37.347Z"}}]}}