CVE-2022-48939

LOW

Linux Kernel 5.6-5.10.102, 5.11-5.15.25, 5.16-5.16.11 - Denial of Service via BPF Batch Operations

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing prevents batch ops to process huge amount of data, we need to add schedule points in them. Note that maybe_wait_bpf_programs(map) calls from generic_map_delete_batch() can be factorized by moving the call after the loop. This will be done later in -next tree once we get this fix merged, unless there is strong opinion doing this optimization sooner.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/7ef94bfb08fb9e73defafbd5ddef6b5a0e2ee12b

Patch

https://git.kernel.org/stable/c/8628f489b749a4f9767991631921dbe3fbcdc784

Patch

https://git.kernel.org/stable/c/7e8099967d0e3ff9d1ae043e80b27fbe46c08417

Patch

https://git.kernel.org/stable/c/75134f16e7dd0007aa474b281935c5f42e79f2c8

Scores

CVSS v3 3.3

EPSS 0.0020

EPSS Percentile 10.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-834

Status published

Products (14)

linux/Kernel 5.11.0 - 5.15.26linux

linux/Kernel 5.16.0 - 5.16.12linux

linux/Kernel 5.6.0 - 5.10.103linux

Linux/Linux < 5.6

Linux/Linux 5.10.103 - 5.10.*

Linux/Linux 5.15.26 - 5.15.*

Linux/Linux 5.16.12 - 5.16.*

Linux/Linux 5.17

Linux/Linux 5.6

Linux/Linux cb4d03ab499d4c040f4ab6fd4389d2b49f42b5a5 - 75134f16e7dd0007aa474b281935c5f42e79f2c8

... and 4 more

Published Aug 22, 2024

Tracked Since Feb 18, 2026