Resource Injection Affecting kernel-cross-headers package, versions <0:4.18.0-305.139.1.el8_4
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-KERNELCROSSHEADERS-7884961
- published 3 Sep 2024
- disclosed 16 Jul 2024
Introduced: 16 Jul 2024
CVE-2022-48799 Open this link in a new tabHow to fix?
Upgrade RHEL:8
kernel-cross-headers
to version 0:4.18.0-305.139.1.el8_4 or higher.
This issue was patched in RHSA-2024:6156
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-cross-headers
package and not the kernel-cross-headers
package as distributed by RHEL
.
See How to fix?
for RHEL:8
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix list corruption in perf_cgroup_switch()
There's list corruption on cgrp_cpuctx_list. This happens on the following path:
perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list) cpu_ctx_sched_in ctx_sched_in ctx_pinned_sched_in merge_sched_in perf_cgroup_event_disable: remove the event from the list
Use list_for_each_entry_safe() to allow removing an entry during iteration.
References
- https://access.redhat.com/security/cve/CVE-2022-48799
- https://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81
- https://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727
- https://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186
- https://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0
- https://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a
- https://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45
- https://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8