CVE-2022-48784

{"id": "CVE-2022-48784", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2024-07-16T12:15:03.427", "references": [{"url": "https://git.kernel.org/stable/c/241e633cb379c4f332fc1baf2abec95ec840cbeb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c979f792a2baf6d0f3419587668a1a6eba46a3d2", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f0a6fd1527067da537e9c48390237488719948ed", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/241e633cb379c4f332fc1baf2abec95ec840cbeb", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/c979f792a2baf6d0f3419587668a1a6eba46a3d2", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/f0a6fd1527067da537e9c48390237488719948ed", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncfg80211: fix race in netlink owner interface destruction\n\nMy previous fix here to fix the deadlock left a race where\nthe exact same deadlock (see the original commit referenced\nbelow) can still happen if cfg80211_destroy_ifaces() already\nruns while nl80211_netlink_notify() is still marking some\ninterfaces as nl_owner_dead.\n\nThe race happens because we have two loops here - first we\ndev_close() all the netdevs, and then we destroy them. If we\nalso have two netdevs (first one need only be a wdev though)\nthen we can find one during the first iteration, close it,\nand go to the second iteration -- but then find two, and try\nto destroy also the one we didn't close yet.\n\nFix this by only iterating once."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: cfg80211: corrige la ejecuci\u00f3n en la destrucci\u00f3n de la interfaz del propietario de netlink. Mi soluci\u00f3n anterior aqu\u00ed para arreglar el punto muerto dej\u00f3 una ejecuci\u00f3n donde exactamente el mismo punto muerto (consulte la confirmaci\u00f3n original a la que se hace referencia a continuaci\u00f3n) a\u00fan puede ocurrir si cfg80211_destroy_ifaces () ya se ejecuta mientras nl80211_netlink_notify() todav\u00eda marca algunas interfaces como nl_owner_dead. La ejecuci\u00f3n ocurre porque tenemos dos bucles aqu\u00ed: primero dev_close() todos los netdevs y luego los destruimos. Si tambi\u00e9n tenemos dos netdevs (aunque el primero solo necesita ser un wdev), entonces podemos encontrar uno durante la primera iteraci\u00f3n, cerrarlo e ir a la segunda iteraci\u00f3n, pero luego encontrar dos e intentar destruir tambi\u00e9n el que tenemos. A\u00fan no ha cerrado. Solucione este problema iterando solo una vez."}], "lastModified": "2025-02-03T15:43:35.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96C77AE2-CEE4-431F-BED7-9E05F95F5CA1", "versionEndExcluding": "5.15.25", "versionStartIncluding": "5.12.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D327234-5D4A-43DC-A6DF-BCA0CEBEC039", "versionEndExcluding": "5.16.11", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}