Bug 2084435 (CVE-2022-1975) - CVE-2022-1975 kernel: sleep in atomic bug when firmware download timeout
Summary: CVE-2022-1975 kernel: sleep in atomic bug when firmware download timeout
Keywords:
Status: NEW
Alias: CVE-2022-1975
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2092095 2092096
Blocks: 2084436
Reported: 2022-05-12 06:52 UTC by TEJ RATHI
Modified: 2022-07-25 06:18 UTC

Fixed In Version: kernel 5.18 rc6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:



Description TEJ RATHI 2022-05-12 06:52:50 UTC
A sleep-in-atomic bug in /net/nfc/netlink.c of Linux allows an attacker to crash the Linux kernel by simulating an NFC device from user space.

[Root cause]

The root cause of this sleep-in-atomic bug is that nlmsg_new with the GFP_KERNEL parameter
is called in fw_dnld_timeout, which is a timer handler.

[Patch]

https://github.com/torvalds/linux/commit/4071bf121d59944d5cd2238de0642f3d7995a997
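
Added example, not part of the bug report or of the kernel tree: a GFP_KERNEL allocation may sleep and a timer handler runs in atomic context, so a source check for this bug class has to follow the calls made from the handler, which goes beyond the single call named in the report. The Python check below does that over a constructed C sample; only `fw_dnld_timeout`, `nlmsg_new` and `GFP_KERNEL` come from the report, and every other function name is hypothetical.

```python
import re

# Constructed sample, not kernel source. Only fw_dnld_timeout, nlmsg_new and
# GFP_KERNEL come from the report; every other name is hypothetical.
SAMPLE = """
static void notify_done(struct dev *d)
{
    struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
}

static void finish_download(struct dev *d)
{
    notify_done(d);
}

static void fw_dnld_timeout(struct timer_list *t)
{
    finish_download(get_dev(t));
}

static void start_download(struct dev *d)
{
    timer_setup(&d->timer, fw_dnld_timeout, 0);
    d->buf = kmalloc(64, GFP_KERNEL);  /* process context: may sleep */
}
"""

# Top-level definition: signature, then a body closed by '}' in column 0.
FUNC = re.compile(r"^[\w \*]+?\b(\w+)\s*\([^;{]*\)\s*\{(.*?)^\}", re.M | re.S)

def sleeping_paths(src):
    """Return call chains from a timer handler to a GFP_KERNEL allocation."""
    funcs = {m.group(1): m.group(2) for m in FUNC.finditer(src)}
    # Handlers are the second argument of timer_setup().
    handlers = set(re.findall(r"timer_setup\s*\([^,]+,\s*(\w+)", src))
    hits = []
    def walk(name, path):
        if "GFP_KERNEL" in funcs[name]:
            hits.append(path)
        for callee in re.findall(r"\b(\w+)\s*\(", funcs[name]):
            if callee in funcs and callee not in path:
                walk(callee, path + [callee])
    for handler in sorted(h for h in handlers if h in funcs):
        walk(handler, [handler])
    return hits

if __name__ == "__main__":
    for chain in sleeping_paths(SAMPLE):
        print(" -> ".join(chain))
```

The GFP_KERNEL allocation in `start_download` is not reported because no timer handler reaches it.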

Comment 2 Rohit Keshri 2022-05-31 19:25:23 UTC
There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.

