{ "threat_severity" : "Moderate", "public_date" : "2024-07-16T00:00:00Z", "bugzilla" : { "description" : "kernel: SUNRPC: lock against ->sock changing during sysfs read", "id" : "2298155", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2298155" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nSUNRPC: lock against ->sock changing during sysfs read\n->sock can be set to NULL asynchronously unless ->recv_mutex is held.\nSo it is important to hold that mutex. Otherwise a sysfs read can\ntrigger an oops.\nCommit 17f09d3f619a (\"SUNRPC: Check if the xprt is connected before\nhandling sysfs reads\") appears to attempt to fix this problem, but it\nonly narrows the race window.", "A vulnerability was found in the Linux kernel's SUNRPC component, where a race condition exists during sysfs read operations due to improper handling of the ->sock pointer. If the mutex ->recv_mutex is not held, ->sock may change asynchronously, leading to a potential kernel oops. This vulnerability can result in system instability and crashes during network operations." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:6991", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "kernel-0:5.14.0-70.117.1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:6990", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package" : "kernel-rt-0:5.14.0-70.117.1.rt21.189.el9_0" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-48816\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48816\nhttps://lore.kernel.org/linux-cve-announce/2024071648-CVE-2022-48816-e2a3@gregkh/T" ], "name" : "CVE-2022-48816", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }