admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-486xx/CVE-2022-48634.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

76 lines
8.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-48634",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-28T13:15:06.617",
"lastModified": "2024-11-21T07:33:39.400",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix BUG: sleeping function called from invalid context errors\n\ngma_crtc_page_flip() was holding the event_lock spinlock while calling\ncrtc_funcs->mode_set_base() which takes ww_mutex.\n\nThe only reason to hold event_lock is to clear gma_crtc->page_flip_event\non mode_set_base() errors.\n\nInstead unlock it after setting gma_crtc->page_flip_event and on\nerrors re-take the lock and clear gma_crtc->page_flip_event it\nit is still set.\n\nThis fixes the following WARN/stacktrace:\n\n[ 512.122953] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:870\n[ 512.123004] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1253, name: gnome-shell\n[ 512.123031] preempt_count: 1, expected: 0\n[ 512.123048] RCU nest depth: 0, expected: 0\n[ 512.123066] INFO: lockdep is turned off.\n[ 512.123080] irq event stamp: 0\n[ 512.123094] hardirqs last enabled at (0): [<0000000000000000>] 0x0\n[ 512.123134] hardirqs last disabled at (0): [<ffffffff8d0ec28c>] copy_process+0x9fc/0x1de0\n[ 512.123176] softirqs last enabled at (0): [<ffffffff8d0ec28c>] copy_process+0x9fc/0x1de0\n[ 512.123207] softirqs last disabled at (0): [<0000000000000000>] 0x0\n[ 512.123233] Preemption disabled at:\n[ 512.123241] [<0000000000000000>] 0x0\n[ 512.123275] CPU: 3 PID: 1253 Comm: gnome-shell Tainted: G W 5.19.0+ #1\n[ 512.123304] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\n[ 512.123323] Call Trace:\n[ 512.123346] <TASK>\n[ 512.123370] dump_stack_lvl+0x5b/0x77\n[ 512.123412] __might_resched.cold+0xff/0x13a\n[ 512.123458] ww_mutex_lock+0x1e/0xa0\n[ 512.123495] psb_gem_pin+0x2c/0x150 [gma500_gfx]\n[ 512.123601] gma_pipe_set_base+0x76/0x240 [gma500_gfx]\n[ 512.123708] gma_crtc_page_flip+0x95/0x130 [gma500_gfx]\n[ 512.123808] drm_mode_page_flip_ioctl+0x57d/0x5d0\n[ 512.123897] ? drm_mode_cursor2_ioctl+0x10/0x10\n[ 512.123936] drm_ioctl_kernel+0xa1/0x150\n[ 512.123984] drm_ioctl+0x21f/0x420\n[ 512.124025] ? drm_mode_cursor2_ioctl+0x10/0x10\n[ 512.124070] ? rcu_read_lock_bh_held+0xb/0x60\n[ 512.124104] ? lock_release+0x1ef/0x2d0\n[ 512.124161] __x64_sys_ioctl+0x8d/0xd0\n[ 512.124203] do_syscall_64+0x58/0x80\n[ 512.124239] ? do_syscall_64+0x67/0x80\n[ 512.124267] ? trace_hardirqs_on_prepare+0x55/0xe0\n[ 512.124300] ? do_syscall_64+0x67/0x80\n[ 512.124340] ? rcu_read_lock_sched_held+0x10/0x80\n[ 512.124377] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 512.124411] RIP: 0033:0x7fcc4a70740f\n[ 512.124442] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00\n[ 512.124470] RSP: 002b:00007ffda73f5390 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 512.124503] RAX: ffffffffffffffda RBX: 000055cc9e474500 RCX: 00007fcc4a70740f\n[ 512.124524] RDX: 00007ffda73f5420 RSI: 00000000c01864b0 RDI: 0000000000000009\n[ 512.124544] RBP: 00007ffda73f5420 R08: 000055cc9c0b0cb0 R09: 0000000000000034\n[ 512.124564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c01864b0\n[ 512.124584] R13: 0000000000000009 R14: 000055cc9df484d0 R15: 000055cc9af5d0c0\n[ 512.124647] </TASK>"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/gma500: Correcci\u00f3n de ERROR: funci\u00f3n inactiva llamada desde errores de contexto no v\u00e1lidos gma_crtc_page_flip() estaba manteniendo el spinlock event_lock mientras llamaba a crtc_funcs-&gt;mode_set_base() que toma ww_mutex. La \u00fanica raz\u00f3n para mantener event_lock es borrar los errores de gma_crtc-&gt;page_flip_event en mode_set_base(). En su lugar, desbloqu\u00e9elo despu\u00e9s de configurar gma_crtc-&gt;page_flip_event y, en caso de errores, vuelva a tomar el bloqueo y borre gma_crtc-&gt;page_flip_event si todav\u00eda est\u00e1 configurado. Esto corrige la siguiente ADVERTENCIA/stacktrace: [512.122953] ERROR: funci\u00f3n inactiva llamada desde un contexto no v\u00e1lido en kernel/locking/mutex.c:870 [512.123004] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1253, nombre: gnome-shell [512.123031] preempt_count: 1, esperado: 0 [512.123048] Profundidad del nido de RCU: 0, esperado: 0 [512.123066] INFORMACI\u00d3N: lockdep est\u00e1 desactivado. [ 512.123080] sello de evento irq: 0 [ 512.123094] hardirqs habilitado por \u00faltima vez en (0): [&lt;0000000000000000&gt;] 0x0 [ 512.123134] hardirqs deshabilitado por \u00faltima vez en (0): [] copy_process+0x9fc/0x1de0 [ 5 12.123176] softirqs habilitado por \u00faltima vez en (0): [] copy_process+0x9fc/0x1de0 [ 512.123207] softirqs deshabilitado por \u00faltima vez en (0): [&lt;0000000000000000&gt;] 0x0 [ 512.123233] Preferencia deshabilitada en: [ 512.123241] 0000000000&gt;] 0x0 [ 512.123275] CPU: 3 PID: 1253 Comunicaciones: gnome-shell Contaminado: GW 5.19.0+ #1 [ 512.123304] Nombre de hardware: Packard Bell dot s/SJE01_CT, BIOS V1.10 23/07/2013 [ 512.123323] Seguimiento de llamadas : [ 512.123346] [ 512.123370] dump_stack_lvl+0x5b/0x77 [ 512.123412] __might_resched.cold+0xff/0x13a [ 512.123458] ww_mutex_lock+0x1e/0xa0 [ 512.123495 ] psb_gem_pin+0x2c/0x150 [gma500_gfx] [ 512.123601] gma_pipe_set_base+0x76 /0x240 [gma500_gfx] [ 512.123708] gma_crtc_page_flip+0x95/0x130 [gma500_gfx] [ 512.123808] drm_mode_page_flip_ioctl+0x57d/0x5d0 [ 512.123897] ? drm_mode_cursor2_ioctl+0x10/0x10 [ 512.123936] drm_ioctl_kernel+0xa1/0x150 [ 512.123984] drm_ioctl+0x21f/0x420 [ 512.124025] ? drm_mode_cursor2_ioctl+0x10/0x10 [512.124070]? rcu_read_lock_bh_held+0xb/0x60 [512.124104]? lock_release+0x1ef/0x2d0 [ 512.124161] __x64_sys_ioctl+0x8d/0xd0 [ 512.124203] do_syscall_64+0x58/0x80 [ 512.124239] ? do_syscall_64+0x67/0x80 [512.124267]? trace_hardirqs_on_prepare+0x55/0xe0 [512.124300]? do_syscall_64+0x67/0x80 [512.124340]? rcu_read_lock_sched_held+0x10/0x80 [ 512.124377] Entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 512.124411] RIP: 0033:0x7fcc4a70740f [ 512.124442] C\u00f3digo: 00 48 89 44 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 &lt;89&gt; c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 24470]RSP: 002b:00007ffda73f5390 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 512.124503] RAX: ffffffffffffffda RBX: 000055cc9e474500 RCX: 00007fcc4a70740f [ 512.124524] RDX: 7ffda73f5420 RSI: 00000000c01864b0 RDI: 0000000000000009 [ 512.124544] RBP: 00007ffda73f5420 R08: 000055cc9c0b0cb0 R09: 0000000000000034 12.124564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c01864b0 [ 512.124584] R13: 0000000000000009 R14: 000055cc9df484d0 R15: 000055cc9af5d0c0 [ 512.124647 ] "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/63e37a79f7bd939314997e29c2f5a9f0ef184281",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a6ed7624bf4d0a32f2631e74828bca7b7bf15afd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e5ae504c8623476e13032670f1a6d6344d53ec9b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/63e37a79f7bd939314997e29c2f5a9f0ef184281",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/a6ed7624bf4d0a32f2631e74828bca7b7bf15afd",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/e5ae504c8623476e13032670f1a6d6344d53ec9b",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink