Bug 1202623 - (CVE-2022-2938) VUL-0: CVE-2022-2938: kernel: use-after-free when psi trigger is destroyed while being polled.
(CVE-2022-2938)
VUL-0: CVE-2022-2938: kernel: use-after-free when psi trigger is destroyed wh...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/340387/
CVSSv3.1:SUSE:CVE-2022-2938:6.7:(AV:L...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-08-23 07:07 UTC by Robert Frohl
Modified: 2022-09-16 19:30 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
ncutler: needinfo?


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2022-08-23 07:07:07 UTC
rh#2120175

A flaw was found in the Linux kernels pressure stall information subsystem. An local attacker able to register a PSI trigger and wait using the poll() call can create a use-after-free issue and possibly cause other unknown side-affects in kernel space.

The pressure stall subsystem is built with CONFIG_PSI_DEFAULT_DISABLED, which means it needs to be explicityl enabled with a kernel boot time parameter of 'psi=1'.   Without this parameter the system is not affected.


Upstream:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2120175
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2938
Comment 1 Robert Frohl 2022-08-23 08:49:39 UTC
tracking as affected SLE15-SP4 and linux-5.3
Comment 2 Robert Frohl 2022-08-23 09:56:04 UTC
(In reply to Robert Frohl from comment #1)
> tracking as affected SLE15-SP4 and linux-5.3

should probably add that by default we ship with CONFIG_PSI_DEFAULT_DISABLED
Comment 4 Vlastimil Babka 2022-08-25 13:30:36 UTC
We had the fix already through git-fixes, so I just added the references. Reassigning back.
Comment 5 Vlastimil Babka 2022-08-25 14:58:29 UTC
(In reply to Vlastimil Babka from comment #4)
> We had the fix already through git-fixes, so I just added the references.
> Reassigning back.

Should add that it was there since January, long before GA, so no supported vulnerable version was released.
Comment 10 Swamp Workflow Management 2022-09-16 13:26:20 UTC
SUSE-SU-2022:3288-1: An update that solves 25 vulnerabilities, contains four features and has 91 fixes is now available.

Category: security (important)
Bug References: 1023051,1032323,1065729,1156395,1189999,1190497,1192968,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198577,1198702,1198971,1199356,1199515,1200301,1200313,1200431,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201361,1201442,1201455,1201489,1201610,1201726,1201768,1201865,1201940,1201948,1201956,1202094,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202872,1202898,1202989,1203036,1203041,1203063,1203098,1203107,1203117,1203138,1203139,1203159
CVE References: CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-1184,CVE-2022-20368,CVE-2022-20369,CVE-2022-2585,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190
JIRA References: SLE-19359,SLE-23766,SLE-24572,SLE-24682
Sources used:
openSUSE Leap 15.4 (src):    kernel-azure-5.14.21-150400.14.13.1, kernel-source-azure-5.14.21-150400.14.13.1, kernel-syms-azure-5.14.21-150400.14.13.1
SUSE Linux Enterprise Module for Public Cloud 15-SP4 (src):    kernel-azure-5.14.21-150400.14.13.1, kernel-source-azure-5.14.21-150400.14.13.1, kernel-syms-azure-5.14.21-150400.14.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-09-16 19:30:39 UTC
SUSE-SU-2022:3293-1: An update that solves 23 vulnerabilities, contains 5 features and has 88 fixes is now available.

Category: security (important)
Bug References: 1023051,1032323,1065729,1156395,1190497,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198971,1199086,1199364,1199670,1200313,1200431,1200465,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201768,1201940,1201956,1201958,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202312,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202874,1202898,1203036,1203041,1203063,1203107,1203117,1203138,1203139,1203159
CVE References: CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-32250,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190
JIRA References: SLE-18130,SLE-19359,SLE-20183,SLE-23766,SLE-24572
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.14.21-150400.24.21.1, kernel-64kb-5.14.21-150400.24.21.2, kernel-debug-5.14.21-150400.24.21.2, kernel-default-5.14.21-150400.24.21.2, kernel-default-base-5.14.21-150400.24.21.2.150400.24.7.2, kernel-docs-5.14.21-150400.24.21.3, kernel-kvmsmall-5.14.21-150400.24.21.2, kernel-obs-build-5.14.21-150400.24.21.2, kernel-obs-qa-5.14.21-150400.24.21.1, kernel-source-5.14.21-150400.24.21.2, kernel-syms-5.14.21-150400.24.21.1, kernel-zfcpdump-5.14.21-150400.24.21.2
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    kernel-default-5.14.21-150400.24.21.2
SUSE Linux Enterprise Module for Live Patching 15-SP4 (src):    kernel-default-5.14.21-150400.24.21.2, kernel-livepatch-SLE15-SP4_Update_3-1-150400.9.3.2
SUSE Linux Enterprise Module for Legacy Software 15-SP4 (src):    kernel-default-5.14.21-150400.24.21.2
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    kernel-docs-5.14.21-150400.24.21.3, kernel-obs-build-5.14.21-150400.24.21.2, kernel-source-5.14.21-150400.24.21.2, kernel-syms-5.14.21-150400.24.21.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-64kb-5.14.21-150400.24.21.2, kernel-default-5.14.21-150400.24.21.2, kernel-default-base-5.14.21-150400.24.21.2.150400.24.7.2, kernel-source-5.14.21-150400.24.21.2, kernel-zfcpdump-5.14.21-150400.24.21.2
SUSE Linux Enterprise High Availability 15-SP4 (src):    kernel-default-5.14.21-150400.24.21.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.