CVE-2022-49446

{"id": "CVE-2022-49446", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:21.010", "references": [{"url": "https://git.kernel.org/stable/c/2f97ebc58d5fc83ca1528cd553fa725472ab3ca8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2fd853fdb40afc052de338693df1372f2ead7be7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/641649f31e20df630310f5c22f26c071acc676d4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ceb924ee16b2c8e48dcac3d9ad6be01c40b5a228", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e6829d1bd3c4b58296ee9e412f7ed4d6cb390192", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-667"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm: Fix firmware activation deadlock scenarios\n\nLockdep reports the following deadlock scenarios for CXL root device\npower-management, device_prepare(), operations, and device_shutdown()\noperations for 'nd_region' devices:\n\n Chain exists of:\n &nvdimm_region_key --> &nvdimm_bus->reconfig_mutex --> system_transition_mutex\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(system_transition_mutex);\n lock(&nvdimm_bus->reconfig_mutex);\n lock(system_transition_mutex);\n lock(&nvdimm_region_key);\n\n Chain exists of:\n &cxl_nvdimm_bridge_key --> acpi_scan_lock --> &cxl_root_key\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(&cxl_root_key);\n lock(acpi_scan_lock);\n lock(&cxl_root_key);\n lock(&cxl_nvdimm_bridge_key);\n\nThese stem from holding nvdimm_bus_lock() over hibernate_quiet_exec()\nwhich walks the entire system device topology taking device_lock() along\nthe way. The nvdimm_bus_lock() is protecting against unregistration,\nmultiple simultaneous ops callers, and preventing activate_show() from\nracing activate_store(). For the first 2, the lock is redundant.\nUnregistration already flushes all ops users, and sysfs already prevents\nmultiple threads to be active in an ops handler at the same time. For\nthe last userspace should already be waiting for its last\nactivate_store() to complete, and does not need activate_show() to flush\nthe write side, so this lock usage can be deleted in these attributes."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvdimm: Se corrigen los escenarios de bloqueo de activaci\u00f3n de firmware Lockdep informa los siguientes escenarios de bloqueo para la administraci\u00f3n de energ\u00eda del dispositivo ra\u00edz CXL, device_prepare(), operaciones y operaciones device_shutdown() para dispositivos 'nd_region': Existe una cadena de: &nvdimm_region_key --> &nvdimm_bus->reconfig_mutex --> system_transition_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(system_transition_mutex); lock(&nvdimm_bus->reconfig_mutex); lock(system_transition_mutex); lock(&nvdimm_region_key); Chain exists of: &cxl_nvdimm_bridge_key --> acpi_scan_lock --> &cxl_root_key Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&cxl_root_key); lock(acpi_scan_lock); lock(&cxl_root_key); lock(&cxl_nvdimm_bridge_key); Estos se derivan de mantener nvdimm_bus_lock() sobre hibernate_quiet_exec() que recorre toda la topolog\u00eda del dispositivo del sistema tomando device_lock() en el camino. nvdimm_bus_lock() protege contra la anulaci\u00f3n del registro, m\u00faltiples invocadores de operaciones simult\u00e1neas y evita que activate_show() compita con activate_store(). Para los primeros 2, el bloqueo es redundante. La anulaci\u00f3n del registro ya borra todos los usuarios de operaciones, y sysfs ya evita que varios subprocesos est\u00e9n activos en un controlador de operaciones al mismo tiempo. Para el \u00faltimo espacio de usuario ya deber\u00eda estar esperando a que se complete su \u00faltimo activate_store(), y no necesita activate_show() para borrar el lado de escritura, por lo que este uso de bloqueo se puede eliminar en estos atributos."}], "lastModified": "2025-10-01T20:16:19.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D72A0A66-110A-4144-A452-8FE84D5A41C8", "versionEndExcluding": "5.10.121", "versionStartIncluding": "5.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20D41697-0E8B-4B7D-8842-F17BF2AA21E1", "versionEndExcluding": "5.15.46", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252", "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}