Bug 2298116 (CVE-2022-48780) - CVE-2022-48780 kernel: net/smc: Avoid overwriting the copies of clcsock callback functions
Keywords:
Status: NEW
Alias: CVE-2022-48780
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2024-07-16 12:23 UTC by OSIDB Bzimport
Modified: 2024-10-18 14:53 UTC (History)

Fixed In Version: kernel 5.15.25, kernel 5.16.11
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2024-07-16 12:23:32 UTC
In the Linux kernel, the following vulnerability has been resolved:

net/smc: Avoid overwriting the copies of clcsock callback functions

The callback functions of clcsock will be saved and replaced during
the fallback. But if the fallback happens more than once, then the
copies of these callback functions will be overwritten incorrectly,
resulting in a loop call issue:

clcsk->sk_error_report
 |- smc_fback_error_report() <------------------------------|
     |- smc_fback_forward_wakeup()                          | (loop)
         |- clcsock_callback()  (incorrectly overwritten)   |
             |- smc->clcsk_error_report() ------------------|

So this patch fixes the issue by saving these function pointers only
once in the fallback and avoiding overwriting.
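
The loop described above, as an added userspace model in C (not part of the bug report and not kernel code). `struct smc_model`, its `saved` flag, `fallback()`, `simulate()` and `MAX_DEPTH` are hypothetical names; the intermediate `smc_fback_forward_wakeup()` and `clcsock_callback()` steps from the diagram are collapsed into one forwarding call.

```c
/* Userspace model of the clcsock callback save/replace; not kernel code. */
#include <stdio.h>

struct sock;
typedef void (*sk_cb)(struct sock *);
struct sock { sk_cb sk_error_report; void *sk_user_data; };
struct smc_model {              /* hypothetical stand-in for the SMC socket */
    sk_cb clcsk_error_report;   /* saved copy of the clcsock callback */
    int saved;                  /* hypothetical "copies already saved" flag */
    int depth, looped, orig_calls;
};
#define MAX_DEPTH 8             /* cut the loop off instead of overflowing the stack */

static void tcp_error_report(struct sock *sk)   /* the original callback */
{
    ((struct smc_model *)sk->sk_user_data)->orig_calls++;
}

static void smc_fback_error_report(struct sock *clcsk)  /* the replacement */
{
    struct smc_model *smc = clcsk->sk_user_data;
    if (smc->depth++ >= MAX_DEPTH) { smc->looped = 1; return; }
    smc->clcsk_error_report(clcsk);     /* forward to the saved copy */
}

/* Fallback: save the current callback, then install the replacement. */
static void fallback(struct smc_model *smc, struct sock *clcsk, int save_once)
{
    if (save_once && smc->saved)
        return;                         /* fixed: keep the first copy */
    smc->clcsk_error_report = clcsk->sk_error_report;
    clcsk->sk_error_report = smc_fback_error_report;
    smc->saved = 1;
}

/* Two fallbacks, then one error report; -1 = loop, else original-callback count. */
int simulate(int save_once)
{
    struct smc_model smc = {0};
    struct sock clcsk = { tcp_error_report, &smc };
    fallback(&smc, &clcsk, save_once);
    fallback(&smc, &clcsk, save_once);  /* overwrites the copy if unguarded */
    clcsk.sk_error_report(&clcsk);
    return smc.looped ? -1 : smc.orig_calls;
}

int main(void)
{
    printf("unguarded: %d, save-once: %d\n", simulate(0), simulate(1));
    return 0;
}
```

Without the guard the saved copy ends up pointing at the replacement itself, so the original callback is never reached; with it, one error report reaches the original callback exactly once.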

Comment 11 David Arcari 2024-07-18 16:55:51 UTC
Upstream commit 1de9770d121ee9294794cca0e0be8fbfa0134ee8 was introduced into RHEL as d00cae867efb20542ed955ebe4a29ab6bb9f539b via
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2044294

This code is present in RHEL9.1.

