阿里云漏洞库

漏洞描述

In the Linux kernel, the following vulnerability has been resolved:

net-sysfs: add check for netdevice being present to speed_show

When bringing down the netdevice or system shutdown, a panic can be

triggered while accessing the sysfs path because the device is already

removed.

[ 755.549084] mlx5_core 0000:12:00.1: Shutdown was called

[ 756.404455] mlx5_core 0000:12:00.0: Shutdown was called

...

[ 757.937260] BUG: unable to handle kernel NULL pointer dereference at (null)

[ 758.031397] IP: [<ffffffff8ee11acb>] dma_pool_alloc+0x1ab/0x280

crash> bt

...

PID: 12649 TASK: ffff8924108f2100 CPU: 1 COMMAND: "amsd"

...

#9 [ffff89240e1a38b0] page_fault at ffffffff8f38c778

[exception RIP: dma_pool_alloc+0x1ab]

RIP: ffffffff8ee11acb RSP: ffff89240e1a3968 RFLAGS: 00010046

RAX: 0000000000000246 RBX: ffff89243d874100 RCX: 0000000000001000

RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff89243d874090

RBP: ffff89240e1a39c0 R8: 000000000001f080 R9: ffff8905ffc03c00

R10: ffffffffc04680d4 R11: ffffffff8edde9fd R12: 00000000000080d0

R13: ffff89243d874090 R14: ffff89243d874080 R15: 0000000000000000

ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018

#10 [ffff89240e1a39c8] mlx5_alloc_cmd_msg at ffffffffc04680f3 [mlx5_core]

#11 [ffff89240e1a3a18] cmd_exec at ffffffffc046ad62 [mlx5_core]

#12 [ffff89240e1a3ab8] mlx5_cmd_exec at ffffffffc046b4fb [mlx5_core]

#13 [ffff89240e1a3ae8] mlx5_core_access_reg at ffffffffc0475434 [mlx5_core]

#14 [ffff89240e1a3b40] mlx5e_get_fec_caps at ffffffffc04a7348 [mlx5_core]

#15 [ffff89240e1a3bb0] get_fec_supported_advertised at ffffffffc04992bf [mlx5_core]

#16 [ffff89240e1a3c08] mlx5e_get_link_ksettings at ffffffffc049ab36 [mlx5_core]

#17 [ffff89240e1a3ce8] __ethtool_get_link_ksettings at ffffffff8f25db46

#18 [ffff89240e1a3d48] speed_show at ffffffff8f277208

#19 [ffff89240e1a3dd8] dev_attr_show at ffffffff8f0b70e3

#20 [ffff89240e1a3df8] sysfs_kf_seq_show at ffffffff8eedbedf

#21 [ffff89240e1a3e18] kernfs_seq_show at ffffffff8eeda596

#22 [ffff89240e1a3e28] seq_read at ffffffff8ee76d10

#23 [ffff89240e1a3e98] kernfs_fop_read at ffffffff8eedaef5

#24 [ffff89240e1a3ed8] vfs_read at ffffffff8ee4e3ff

#25 [ffff89240e1a3f08] sys_read at ffffffff8ee4f27f

#26 [ffff89240e1a3f50] system_call_fastpath at ffffffff8f395f92

crash> net_device.state ffff89443b0c0000

state = 0x5 (__LINK_STATE_START| __LINK_STATE_NOCARRIER)

To prevent this scenario, we also make sure that the netdevice is present.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://access.redhat.com/security/cve/CVE-2022-48850
https://git.kernel.org/stable/c/081369ad088a76429984483b8a5f7e967a125aad
https://git.kernel.org/stable/c/3a79f380b3e10edf6caa9aac90163a5d7a282204
https://git.kernel.org/stable/c/4224cfd7fb6523f7a9d1c8bb91bb5df1e38eb624
https://git.kernel.org/stable/c/75fc8363227a999e8f3d17e2eb28dce5600dcd3f
https://git.kernel.org/stable/c/8879b5313e9fa5e0c6d6812a0d25d83aed0110e2
https://git.kernel.org/stable/c/8d5e69d8fbf3a35ab4fbe56b8f092802b43f3ef6
https://git.kernel.org/stable/c/a7b9ab04c5932dee7ec95e0abc58b0df350c0dd2
https://git.kernel.org/stable/c/d15c9f6e3335002fea1c33bc8f71a705fa96976c
https://lore.kernel.org/linux-cve-announce/2024071625-CVE-2022-48850-247b@gregkh/T

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	debian_11	linux	*		Up to (excluding) 5.10.106-1
	运行在以下环境
	系统	debian_12	linux	*		Up to (excluding) 5.16.18-1
	运行在以下环境
	系统	linux	linux_kernel	*		Up to (excluding) 4.9.307
	运行在以下环境
	系统	linux	linux_kernel	*	From (including) 4.10	Up to (excluding) 4.14.272
	运行在以下环境
	系统	linux	linux_kernel	*	From (including) 4.15	Up to (excluding) 4.19.235
	运行在以下环境
	系统	linux	linux_kernel	*	From (including) 4.20	Up to (excluding) 5.4.185
	运行在以下环境
	系统	linux	linux_kernel	*	From (including) 5.11	Up to (excluding) 5.15.29
	运行在以下环境
	系统	linux	linux_kernel	*	From (including) 5.16	Up to (excluding) 5.16.15
	运行在以下环境
	系统	linux	linux_kernel	*	From (including) 5.5	Up to (excluding) 5.10.106

攻击路径

本地
攻击复杂度

困难
权限要求

管控权限
影响范围

有限影响
EXP成熟度

未验证
补丁情况

官方补丁
数据保密性

无影响
数据完整性

无影响
服务器危害

无影响
全网数量

N/A

CWE-ID	漏洞类型
CWE-476	空指针解引用

中危 CVE-2022-48850

漏洞描述

解决建议

参考链接

受影响软件情况