CVE-2022-48784
Cisco Linux KernelCMDvulnerability
Description
In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix race in netlink owner interface destruction My previous fix here to fix the deadlock left a race where the exact same deadlock (see the original commit referenced below) can still happen if cfg80211_destroy_ifaces() already runs while nl80211_netlink_notify() is still marking some interfaces as nl_owner_dead. The race happens because we have two loops here - first we dev_close() all the netdevs, and then we destroy them. If we also have two netdevs (first one need only be a wdev though) then we can find one during the first iteration, close it, and go to the second iteration -- but then find two, and try to destroy also the one we didn't close yet. Fix this by only iterating once.
INFO
Published Date :
July 16, 2024, 12:15 p.m.
Last Modified :
Feb. 3, 2025, 3:43 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
3.6
Exploitability Score :
1.0
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2022-48784.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-48784 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-48784 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Feb. 03, 2025
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Added CWE NIST CWE-362 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.12.1 up to (excluding) 5.15.25 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.16.11 *cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:* Changed Reference Type https://git.kernel.org/stable/c/241e633cb379c4f332fc1baf2abec95ec840cbeb No Types Assigned https://git.kernel.org/stable/c/241e633cb379c4f332fc1baf2abec95ec840cbeb Patch Changed Reference Type https://git.kernel.org/stable/c/241e633cb379c4f332fc1baf2abec95ec840cbeb No Types Assigned https://git.kernel.org/stable/c/241e633cb379c4f332fc1baf2abec95ec840cbeb Patch Changed Reference Type https://git.kernel.org/stable/c/c979f792a2baf6d0f3419587668a1a6eba46a3d2 No Types Assigned https://git.kernel.org/stable/c/c979f792a2baf6d0f3419587668a1a6eba46a3d2 Patch Changed Reference Type https://git.kernel.org/stable/c/c979f792a2baf6d0f3419587668a1a6eba46a3d2 No Types Assigned https://git.kernel.org/stable/c/c979f792a2baf6d0f3419587668a1a6eba46a3d2 Patch Changed Reference Type https://git.kernel.org/stable/c/f0a6fd1527067da537e9c48390237488719948ed No Types Assigned https://git.kernel.org/stable/c/f0a6fd1527067da537e9c48390237488719948ed Patch Changed Reference Type https://git.kernel.org/stable/c/f0a6fd1527067da537e9c48390237488719948ed No Types Assigned https://git.kernel.org/stable/c/f0a6fd1527067da537e9c48390237488719948ed Patch -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/241e633cb379c4f332fc1baf2abec95ec840cbeb Added Reference https://git.kernel.org/stable/c/c979f792a2baf6d0f3419587668a1a6eba46a3d2 Added Reference https://git.kernel.org/stable/c/f0a6fd1527067da537e9c48390237488719948ed -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jul. 16, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix race in netlink owner interface destruction My previous fix here to fix the deadlock left a race where the exact same deadlock (see the original commit referenced below) can still happen if cfg80211_destroy_ifaces() already runs while nl80211_netlink_notify() is still marking some interfaces as nl_owner_dead. The race happens because we have two loops here - first we dev_close() all the netdevs, and then we destroy them. If we also have two netdevs (first one need only be a wdev though) then we can find one during the first iteration, close it, and go to the second iteration -- but then find two, and try to destroy also the one we didn't close yet. Fix this by only iterating once. Added Reference kernel.org https://git.kernel.org/stable/c/241e633cb379c4f332fc1baf2abec95ec840cbeb [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/c979f792a2baf6d0f3419587668a1a6eba46a3d2 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/f0a6fd1527067da537e9c48390237488719948ed [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2022-48784 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2022-48784
weaknesses.