CVE-2022-49322

26.02.2025, 07:01

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix sleeping function called from invalid context on RT kernel

When setting bootparams="trace_event=initcall:initcall_start tp_printk=1" in the
cmdline, the output_printk() was called, and the spin_lock_irqsave() was called in the
atomic and irq disable interrupt context suitation. On the PREEMPT_RT kernel,
these locks are replaced with sleepable rt-spinlock, so the stack calltrace will
be triggered.
Fix it by raw_spin_lock_irqsave when PREEMPT_RT and "trace_event=initcall:initcall_start
tp_printk=1" enabled.

 BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46
 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0
 preempt_count: 2, expected: 0
 RCU nest depth: 0, expected: 0
 Preemption disabled at:
 [<ffffffff8992303e>] try_to_wake_up+0x7e/0xba0
 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.1-rt17+ #19 34c5812404187a875f32bee7977f7367f9679ea7
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
 Call Trace:
  <TASK>
  dump_stack_lvl+0x60/0x8c
  dump_stack+0x10/0x12
  __might_resched.cold+0x11d/0x155
  rt_spin_lock+0x40/0x70
  trace_event_buffer_commit+0x2fa/0x4c0
  ? map_vsyscall+0x93/0x93
  trace_event_raw_event_initcall_start+0xbe/0x110
  ? perf_trace_initcall_finish+0x210/0x210
  ? probe_sched_wakeup+0x34/0x40
  ? ttwu_do_wakeup+0xda/0x310
  ? trace_hardirqs_on+0x35/0x170
  ? map_vsyscall+0x93/0x93
  do_one_initcall+0x217/0x3c0
  ? trace_event_raw_event_initcall_level+0x170/0x170
  ? push_cpu_stop+0x400/0x400
  ? cblist_init_generic+0x241/0x290
  kernel_init_freeable+0x1ac/0x347
  ? _raw_spin_unlock_irq+0x65/0x80
  ? rest_init+0xf0/0xf0
  kernel_init+0x1e/0x150
  ret_from_fork+0x22/0x30
  </TASK>

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Vendor	Product	Version
linux	linux_kernel	𝑥 < 4.14.283
linux	linux_kernel	4.15 ≤ 𝑥 < 4.19.247
linux	linux_kernel	4.20 ≤ 𝑥 < 5.4.198
linux	linux_kernel	5.5 ≤ 𝑥 < 5.10.122
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.47
linux	linux_kernel	5.16 ≤ 𝑥 < 5.17.15
linux	linux_kernel	5.18 ≤ 𝑥 < 5.18.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.234-1 fixed
bookworm	6.1.123-1 fixed
bookworm (security)	6.1.128-1 fixed
trixie	6.12.12-1 fixed
sid	6.12.16-1 fixed

Common Weakness Enumeration

CWE-667 - Improper Locking
The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References

https://git.kernel.org/stable/c/12025abdc8539ed9d5014e2d647a3fd1bd3de5cd

https://git.kernel.org/stable/c/1788e6dbb61286215442b1af99e51405a6206762

https://git.kernel.org/stable/c/40f9fde06b25884baa0c4bd138b909a9b67218b4

https://git.kernel.org/stable/c/43bfc4dccc416c964b53cbdc430e814f8b6f770b

https://git.kernel.org/stable/c/48c6ee7d6c614f09b2c8553a95eefef6ecf196e0

https://git.kernel.org/stable/c/9abf3db8bdb63ab545034148ef2118f4d088ca59

https://git.kernel.org/stable/c/9b534640a2c6a8d88168febc82ec6d161184f2ec

https://git.kernel.org/stable/c/be1f323fb9d9b14a505ca22d742d321769454de1