In the Linux kernel, the following vulnerability has been resolved:
nvme: fix a possible use-after-free in controller reset during load
Unlike .queue_rq, in .submit_async_event drivers may not check the ctrl
readiness for AER submission. This may lead to a use-after-free
condition that was observed with nvme-tcp.
The race condition may happen in the following scenario:
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-5.4 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-bluefield | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gcp | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp-5.4 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gkeop | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-hwe-5.4 | < any | UNKNOWN |
git.kernel.org/linus/0fa0f99fc84e41057cbdd2efbfe91c6b2f47dd9d (5.17-rc3)
git.kernel.org/stable/c/0ead57ceb21bbf15963b4874c2ac67143455382f
git.kernel.org/stable/c/0fa0f99fc84e41057cbdd2efbfe91c6b2f47dd9d
git.kernel.org/stable/c/70356b756a58704e5c8818cb09da5854af87e765
git.kernel.org/stable/c/9e956a2596ae276124ef0d96829c013dd0faf861
git.kernel.org/stable/c/a25e460fbb0340488d119fb2e28fe3f829b7417e
git.kernel.org/stable/c/e043fb5a0336ee74614e26f0d9f36f1f5bb6d606
launchpad.net/bugs/cve/CVE-2022-48790
nvd.nist.gov/vuln/detail/CVE-2022-48790
security-tracker.debian.org/tracker/CVE-2022-48790
www.cve.org/CVERecord?id=CVE-2022-48790