vulnerability
Ubuntu: (CVE-2022-48751): linux-fips vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:S/C:N/I:N/A:C) | Jun 20, 2024 | Jun 26, 2025 | Aug 18, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
net/smc: Transitional solution for clcsock race issue
We encountered a crash in smc_setsockopt() and it is caused by
accessing smc->clcsock after clcsock was released.
BUG: kernel NULL pointer dereference, address: 0000000000000020
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 50309 Comm: nginx Kdump: loaded Tainted: G E 5.16.0-rc4+ #53
RIP: 0010:smc_setsockopt+0x59/0x280 [smc]
Call Trace:
<TASK>
__sys_setsockopt+0xfc/0x190
__x64_sys_setsockopt+0x20/0x30
do_syscall_64+0x34/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f16ba83918e
</TASK>
This patch tries to fix it by holding clcsock_release_lock and
checking whether clcsock has already been released before access.
In case that a crash of the same reason happens in smc_getsockopt()
or smc_switch_to_fallback(), this patch also checkes smc->clcsock
in them too. And the caller of smc_switch_to_fallback() will identify
whether fallback succeeds according to the return value.
Solution
References
- CVE-2022-48751
- https://attackerkb.com/topics/CVE-2022-48751
- CWE-476
- URL-https://git.kernel.org/linus/c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760
- URL-https://git.kernel.org/stable/c/38f0bdd548fd2ef5d481b88d8a2bfef968452e34
- URL-https://git.kernel.org/stable/c/4284225cd8001e134f5cf533a7cd244bbb654d0f
- URL-https://git.kernel.org/stable/c/c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760
- URL-https://www.cve.org/CVERecord?id=CVE-2022-48751
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.