CVE-2022-48887 Affecting kernel-default-extra package, versions <5.14.21-150500.55.80.2


Severity

Recommended
0.0
medium
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES155-KERNELDEFAULTEXTRA-8103920
  • published28 Sept 2024
  • disclosed27 Sept 2024

Introduced: 27 Sep 2024

CVE-2022-48887  (opens in a new tab)

How to fix?

Upgrade SLES:15.5 kernel-default-extra to version 5.14.21-150500.55.80.2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-default-extra package and not the kernel-default-extra package as distributed by SLES. See How to fix? for SLES:15.5 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Remove rcu locks from user resources

User resource lookups used rcu to avoid two extra atomics. Unfortunately the rcu paths were buggy and it was easy to make the driver crash by submitting command buffers from two different threads. Because the lookups never show up in performance profiles replace them with a regular spin lock which fixes the races in accesses to those shared resources.

Fixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and seen crashes with apps using shared resources.

CVSS Scores

version 3.1