CVE-2022-48800

16.07.2024, 12:15

In the Linux kernel, the following vulnerability has been resolved:

mm: vmscan: remove deadlock due to throttling failing to make progress

A soft lockup bug in kcompactd was reported in a private bugzilla with
the following visible in dmesg;

  watchdog: BUG: soft lockup - CPU#33 stuck for 26s! [kcompactd0:479]
  watchdog: BUG: soft lockup - CPU#33 stuck for 52s! [kcompactd0:479]
  watchdog: BUG: soft lockup - CPU#33 stuck for 78s! [kcompactd0:479]
  watchdog: BUG: soft lockup - CPU#33 stuck for 104s! [kcompactd0:479]

The machine had 256G of RAM with no swap and an earlier failed
allocation indicated that node 0 where kcompactd was run was potentially
unreclaimable;

  Node 0 active_anon:29355112kB inactive_anon:2913528kB active_file:0kB
    inactive_file:0kB unevictable:64kB isolated(anon):0kB isolated(file):0kB
    mapped:8kB dirty:0kB writeback:0kB shmem:26780kB shmem_thp:
    0kB shmem_pmdmapped: 0kB anon_thp: 23480320kB writeback_tmp:0kB
    kernel_stack:2272kB pagetables:24500kB all_unreclaimable? yes

Vlastimil Babka investigated a crash dump and found that a task
migrating pages was trying to drain PCP lists;

  PID: 52922  TASK: ffff969f820e5000  CPU: 19  COMMAND: "kworker/u128:3"
  Call Trace:
     __schedule
     schedule
     schedule_timeout
     wait_for_completion
     __flush_work
     __drain_all_pages
     __alloc_pages_slowpath.constprop.114
     __alloc_pages
     alloc_migration_target
     migrate_pages
     migrate_to_node
     do_migrate_pages
     cpuset_migrate_mm_workfn
     process_one_work
     worker_thread
     kthread
     ret_from_fork

This failure is specific to CONFIG_PREEMPT=n builds.  The root of the
problem is that kcompact0 is not rescheduling on a CPU while a task that
has isolated a large number of the pages from the LRU is waiting on
kcompact0 to reschedule so the pages can be released.  While
shrink_inactive_list() only loops once around too_many_isolated, reclaim
can continue without rescheduling if sc->skipped_deactivate == 1 which
could happen if there was no file LRU and the inactive anon list was not
low.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Linux	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Vendor	Product	Version
linux	linux_kernel	5.16 ≤ 𝑥 < 5.16.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.226-1 fixed
bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
trixie	6.11.5-1 fixed
sid	6.11.6-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

noble	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-allwinner-5.19

noble	dne
jammy	ignored
focal	dne

linux-aws

noble	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-aws-5.0

noble	dne
jammy	dne
focal	dne
bionic	ignored

linux-aws-5.11

noble	dne
jammy	dne
focal	ignored

linux-aws-5.13

noble	dne
jammy	dne
focal	ignored

linux-aws-5.15

noble	dne
jammy	dne
focal	not-affected

linux-aws-5.19

noble	dne
jammy	ignored
focal	dne

linux-aws-5.3

noble	dne
jammy	dne
focal	dne
bionic	ignored

linux-aws-5.4

noble	dne
jammy	dne
focal	dne
bionic	not-affected

linux-aws-5.8

noble	dne
jammy	dne
focal	ignored

linux-aws-6.2

noble	dne
jammy	ignored
focal	dne

linux-aws-6.5

noble	dne
jammy	not-affected
focal	dne

linux-aws-fips

noble	dne
jammy	dne
focal	dne

linux-aws-hwe

noble	dne
jammy	dne
focal	dne
xenial	not-affected

linux-azure

noble	not-affected
jammy	not-affected
focal	not-affected
bionic	ignored
xenial	not-affected
trusty	not-affected

linux-azure-4.15

noble	dne
jammy	dne
focal	dne
bionic	not-affected

linux-azure-5.11

noble	dne
jammy	dne
focal	ignored

linux-azure-5.13

noble	dne
jammy	dne
focal	ignored

linux-azure-5.15

noble	dne
jammy	dne
focal	not-affected

linux-azure-5.19

noble	dne
jammy	ignored
focal	dne

linux-azure-5.3

noble	dne
jammy	dne
focal	dne
bionic	ignored

linux-azure-5.4

noble	dne
jammy	dne
focal	dne
bionic	not-affected

linux-azure-5.8

noble	dne
jammy	dne
focal	ignored

linux-azure-6.2

noble	dne
jammy	ignored
focal	dne

linux-azure-6.5

noble	dne
jammy	not-affected
focal	dne

linux-azure-edge

noble	dne
jammy	dne
focal	dne
bionic	ignored

linux-azure-fde

noble	dne
jammy	not-affected
focal	ignored

linux-azure-fde-5.15

noble	dne
jammy	dne
focal	not-affected

linux-azure-fde-5.19

noble	dne
jammy	ignored
focal	dne

linux-azure-fde-6.2

noble	dne
jammy	ignored
focal	dne

linux-azure-fips

noble	dne
jammy	dne
focal	dne

linux-bluefield

noble	dne
jammy	dne
focal	not-affected

linux-fips

noble	dne
jammy	dne
focal	dne

linux-gcp

noble	not-affected
jammy	not-affected
focal	not-affected
bionic	ignored
xenial	not-affected

linux-gcp-4.15

noble	dne
jammy	dne
focal	dne
bionic	not-affected

linux-gcp-5.11

noble	dne
jammy	dne
focal	ignored

linux-gcp-5.13

noble	dne
jammy	dne
focal	ignored

linux-gcp-5.15

noble	dne
jammy	dne
focal	not-affected

linux-gcp-5.19

noble	dne
jammy	ignored
focal	dne

linux-gcp-5.3

noble	dne
jammy	dne
focal	dne
bionic	ignored

linux-gcp-5.4

noble	dne
jammy	dne
focal	dne
bionic	not-affected

linux-gcp-5.8

noble	dne
jammy	dne
focal	ignored

linux-gcp-6.2

noble	dne
jammy	ignored
focal	dne

linux-gcp-6.5

noble	dne
jammy	not-affected
focal	dne

linux-gcp-fips

noble	dne
jammy	dne
focal	dne

linux-gke

noble	not-affected
jammy	not-affected
focal	ignored

linux-gke-4.15

noble	dne
jammy	dne
focal	dne
bionic	ignored

linux-gke-5.15

noble	dne
jammy	dne
focal	ignored

linux-gke-5.4

noble	dne
jammy	dne
focal	dne
bionic	ignored

linux-gkeop

noble	dne
jammy	not-affected
focal	not-affected

linux-gkeop-5.15

noble	dne
jammy	dne
focal	not-affected

linux-gkeop-5.4

noble	dne
jammy	dne
focal	dne
bionic	ignored

linux-hwe

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	not-affected

linux-hwe-5.11

noble	dne
jammy	dne
focal	ignored

linux-hwe-5.13

noble	dne
jammy	dne
focal	ignored

linux-hwe-5.15

noble	dne
jammy	dne
focal	not-affected

linux-hwe-5.19

noble	dne
jammy	ignored
focal	dne

linux-hwe-5.4

noble	dne
jammy	dne
focal	dne
bionic	not-affected

linux-hwe-5.8

noble	dne
jammy	dne
focal	ignored

linux-hwe-6.2

noble	dne
jammy	ignored
focal	dne

linux-hwe-6.5

noble	dne
jammy	ignored
focal	dne

linux-hwe-edge

noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored

linux-ibm

noble	not-affected
jammy	not-affected
focal	not-affected

linux-ibm-5.15

noble	dne
jammy	dne
focal	not-affected

linux-ibm-5.4

noble	dne
jammy	dne
focal	dne
bionic	not-affected

linux-intel

noble	not-affected
jammy	dne
focal	dne

linux-intel-5.13

noble	dne
jammy	dne
focal	ignored

linux-intel-iotg

noble	dne
jammy	not-affected
focal	dne

linux-intel-iotg-5.15

noble	dne
jammy	dne
focal	not-affected

linux-iot

noble	dne
jammy	dne
focal	not-affected

linux-kvm

noble	dne
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected

linux-lowlatency

noble	not-affected
jammy	not-affected
focal	dne

linux-lowlatency-hwe-5.15

noble	dne
jammy	dne
focal	not-affected

linux-lowlatency-hwe-5.19

noble	dne
jammy	ignored
focal	dne

linux-lowlatency-hwe-6.2

noble	dne
jammy	ignored
focal	dne

linux-lowlatency-hwe-6.5

noble	dne
jammy	ignored
focal	dne

linux-lts-xenial

noble	dne
jammy	dne
focal	dne
trusty	not-affected

linux-nvidia

noble	not-affected
jammy	not-affected
focal	dne

linux-nvidia-6.2

noble	dne
jammy	ignored
focal	dne

linux-nvidia-6.5

noble	dne
jammy	not-affected
focal	dne

linux-nvidia-6.8

noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-lowlatency

noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem

noble	dne
jammy	dne
focal	dne
bionic	ignored

linux-oem-5.10

noble	dne
jammy	dne
focal	ignored

linux-oem-5.13

noble	dne
jammy	dne
focal	ignored

linux-oem-5.14

noble	dne
jammy	dne
focal	ignored

linux-oem-5.17

noble	dne
jammy	ignored
focal	dne

linux-oem-5.6

noble	dne
jammy	dne
focal	ignored

linux-oem-6.0

noble	dne
jammy	ignored
focal	dne

linux-oem-6.1

noble	dne
jammy	ignored
focal	dne

linux-oem-6.5

noble	dne
jammy	not-affected
focal	dne

linux-oem-6.8

noble	not-affected
jammy	dne
focal	dne

linux-oracle

noble	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected

linux-oracle-5.0

noble	dne
jammy	dne
focal	dne
bionic	ignored

linux-oracle-5.11

noble	dne
jammy	dne
focal	ignored

linux-oracle-5.13

noble	dne
jammy	dne
focal	ignored

linux-oracle-5.15

noble	dne
jammy	dne
focal	not-affected

linux-oracle-5.3

noble	dne
jammy	dne
focal	dne
bionic	ignored

linux-oracle-5.4

noble	dne
jammy	dne
focal	dne
bionic	not-affected

linux-oracle-5.8

noble	dne
jammy	dne
focal	ignored

linux-oracle-6.5

noble	dne
jammy	not-affected
focal	dne

linux-raspi

noble	not-affected
jammy	not-affected
focal	not-affected

linux-raspi-5.4

noble	dne
jammy	dne
focal	dne
bionic	not-affected

linux-raspi2

noble	dne
jammy	dne
focal	ignored

linux-riscv

noble	not-affected
jammy	ignored
focal	ignored

linux-riscv-5.11

noble	dne
jammy	dne
focal	ignored

linux-riscv-5.15

noble	dne
jammy	dne
focal	not-affected

linux-riscv-5.19

noble	dne
jammy	ignored
focal	dne

linux-riscv-5.8

noble	dne
jammy	dne
focal	ignored

linux-riscv-6.5

noble	dne
jammy	ignored
focal	dne

linux-starfive-5.19

noble	dne
jammy	ignored
focal	dne

linux-starfive-6.2

noble	dne
jammy	ignored
focal	dne

linux-starfive-6.5

noble	dne
jammy	not-affected
focal	dne

linux-xilinx-zynqmp

noble	dne
jammy	not-affected
focal	not-affected

Common Weakness Enumeration

CWE-667 - Improper Locking
The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References

https://git.kernel.org/stable/c/3980cff6349687f73d5109f156f23cb261c24164

https://git.kernel.org/stable/c/b485c6f1f9f54b81443efda5f3d8a5036ba2cd91

https://git.kernel.org/stable/c/3980cff6349687f73d5109f156f23cb261c24164

https://git.kernel.org/stable/c/b485c6f1f9f54b81443efda5f3d8a5036ba2cd91