CVE - CVE-2022-48988

CVE-ID
CVE-2022-48988	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcg_write_event_control() memcg_write_event_control() accesses the dentry->d_name of the specified control fd to route the write call. As a cgroup interface file can't be renamed, it's safe to access d_name as long as the specified file is a regular cgroup file. Also, as these cgroup interface files can't be removed before the directory, it's safe to access the parent too. Prior to 347c4a874710 ("memcg: remove cgroup_event->cft"), there was a call to __file_cft() which verified that the specified file is a regular cgroupfs file before further accesses. The cftype pointer returned from __file_cft() was no longer necessary and the commit inadvertently dropped the file type check with it allowing any file to slip through. With the invarients broken, the d_name and parent accesses can now race against renames and removals of arbitrary files and cause use-after-free's. Fix the bug by resurrecting the file type check in __file_cft(). Now that cgroupfs is implemented through kernfs, checking the file operations needs to go through a layer of indirection. Instead, let's check the superblock and dentry type.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/0ed074317b835caa6c03bcfa8f133365324673dc URL:https://git.kernel.org/stable/c/0ed074317b835caa6c03bcfa8f133365324673dc MISC:https://git.kernel.org/stable/c/35963b31821920908e397146502066f6b032c917 URL:https://git.kernel.org/stable/c/35963b31821920908e397146502066f6b032c917 MISC:https://git.kernel.org/stable/c/4a7ba45b1a435e7097ca0f79a847d0949d0eb088 URL:https://git.kernel.org/stable/c/4a7ba45b1a435e7097ca0f79a847d0949d0eb088 MISC:https://git.kernel.org/stable/c/aad8bbd17a1d586005feb9226c2e9cfce1432e13 URL:https://git.kernel.org/stable/c/aad8bbd17a1d586005feb9226c2e9cfce1432e13 MISC:https://git.kernel.org/stable/c/b77600e26fd48727a95ffd50ba1e937efb548125 URL:https://git.kernel.org/stable/c/b77600e26fd48727a95ffd50ba1e937efb548125 MISC:https://git.kernel.org/stable/c/e1ae97624ecf400ea56c238bff23e5cd139df0b8 URL:https://git.kernel.org/stable/c/e1ae97624ecf400ea56c238bff23e5cd139df0b8 MISC:https://git.kernel.org/stable/c/f1f7f36cf682fa59db15e2089039a2eeb58ff2ad URL:https://git.kernel.org/stable/c/f1f7f36cf682fa59db15e2089039a2eeb58ff2ad
Assigning CNA
kernel.org
Date Record Created
20240822	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240822)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)