{
  "threat_severity" : "Moderate",
  "public_date" : "2024-07-16T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: perf: Fix list corruption in perf_cgroup_switch()",
    "id" : "2298135",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2298135"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-99",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nperf: Fix list corruption in perf_cgroup_switch()\nThere's list corruption on cgrp_cpuctx_list. This happens on the\nfollowing path:\nperf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)\ncpu_ctx_sched_in\nctx_sched_in\nctx_pinned_sched_in\nmerge_sched_in\nperf_cgroup_event_disable: remove the event from the list\nUse list_for_each_entry_safe() to allow removing an entry during\niteration.", "A vulnerability was found in the Linux kernel's performance monitoring subsystem, where the perf_cgroup_switch() function can corrupt the cgrp_cpuctx_list list. This occurs when perf_cgroup_event_disable removes an entry while the list is being iterated, and the iteration does not safely handle the modification. This vulnerability can cause instability and unexpected behavior in performance monitoring events." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:6992",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "kernel-0:4.18.0-193.141.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2024-09-03T00:00:00Z",
    "advisory" : "RHSA-2024:6156",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.139.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "release_date" : "2024-09-03T00:00:00Z",
    "advisory" : "RHSA-2024:6160",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.4::nfv",
    "package" : "kernel-rt-0:4.18.0-305.139.1.rt7.215.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "release_date" : "2024-09-03T00:00:00Z",
    "advisory" : "RHSA-2024:6156",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.4",
    "package" : "kernel-0:4.18.0-305.139.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "release_date" : "2024-09-03T00:00:00Z",
    "advisory" : "RHSA-2024:6156",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.4",
    "package" : "kernel-0:4.18.0-305.139.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2024-08-21T00:00:00Z",
    "advisory" : "RHSA-2024:5692",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.119.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2024-08-21T00:00:00Z",
    "advisory" : "RHSA-2024:5692",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.119.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2024-08-21T00:00:00Z",
    "advisory" : "RHSA-2024:5692",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.119.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:6991",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "kernel-0:5.14.0-70.117.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:6990",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.117.1.rt21.189.el9_0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-48799\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48799\nhttps://lore.kernel.org/linux-cve-announce/2024071643-CVE-2022-48799-9594@gregkh/T" ],
  "name" : "CVE-2022-48799",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}