Bug 2298125 (CVE-2022-48789) - CVE-2022-48789 kernel: nvme-tcp: fix possible use-after-free in transport error_recovery work
Summary: CVE-2022-48789 kernel: nvme-tcp: fix possible use-after-free in transport err...
Keywords:
Status: NEW
Alias: CVE-2022-48789
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-16 12:25 UTC by OSIDB Bzimport
Modified: 2024-07-16 22:42 UTC (History)
4 users (show)

Fixed In Version: kernel 5.4.181, kernel 5.10.102, kernel 5.15.25, kernel 5.16.11, kernel 5.17
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2024-07-16 12:25:36 UTC
In the Linux kernel, the following vulnerability has been resolved:

nvme-tcp: fix possible use-after-free in transport error_recovery work

While nvme_tcp_submit_async_event_work is checking the ctrl and queue
state before preparing the AER command and scheduling io_work, in order
to fully prevent a race where this check is not reliable the error
recovery work must flush async_event_work before continuing to destroy
the admin queue after setting the ctrl state to RESETTING such that
there is no race .submit_async_event and the error recovery handler
itself changing the ctrl state.


Note You need to log in before you can comment on or make changes to this bug.