Loop with Unreachable Exit Condition ('Infinite Loop') Affecting kernel-doc package, versions *


Severity

Recommended
low

Based on CentOS security rating.

Threat Intelligence

EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS8-KERNELDOC-7324367
  • published21 Jun 2024
  • disclosed20 Jun 2024

Introduced: 20 Jun 2024

CVE-2022-48731  (opens in a new tab)
CWE-835  (opens in a new tab)

How to fix?

There is no fixed version for Centos:8 kernel-doc.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-doc package and not the kernel-doc package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

mm/kmemleak: avoid scanning potential huge holes

When using devm_request_free_mem_region() and devm_memremap_pages() to add ZONE_DEVICE memory, if requested free mem region's end pfn were huge(e.g., 0x400000000), the node_end_pfn() will be also huge (see move_pfn_range_to_zone()). Thus it creates a huge hole between node_start_pfn() and node_end_pfn().

We found on some AMD APUs, amdkfd requested such a free mem region and created a huge hole. In such a case, following code snippet was just doing busy test_bit() looping on the huge hole.

for (pfn = start_pfn; pfn < end_pfn; pfn++) { struct page *page = pfn_to_online_page(pfn); if (!page) continue; ... }

So we got a soft lockup:

watchdog: BUG: soft lockup - CPU#6 stuck for 26s! [bash:1221] CPU: 6 PID: 1221 Comm: bash Not tainted 5.15.0-custom #1 RIP: 0010:pfn_to_online_page+0x5/0xd0 Call Trace: ? kmemleak_scan+0x16a/0x440 kmemleak_write+0x306/0x3a0 ? common_file_perm+0x72/0x170 full_proxy_write+0x5c/0x90 vfs_write+0xb9/0x260 ksys_write+0x67/0xe0 __x64_sys_write+0x1a/0x20 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae

I did some tests with the patch.

(1) amdgpu module unloaded

before the patch:

real 0m0.976s user 0m0.000s sys 0m0.968s

after the patch:

real 0m0.981s user 0m0.000s sys 0m0.973s

(2) amdgpu module loaded

before the patch:

real 0m35.365s user 0m0.000s sys 0m35.354s

after the patch:

real 0m1.049s user 0m0.000s sys 0m1.042s

CVSS Scores

version 3.1