CVE-2022-48784

Published: Jul 16, 2024

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix race in netlink owner interface destruction My previous fix here to fix the deadlock left a race where the exact same deadlock (see the original commit referenced below) can still happen if cfg80211_destroy_ifaces() already runs while nl80211_netlink_notify() is still marking some interfaces as nl_owner_dead. The race happens because we have two loops here - first we dev_close() all the netdevs, and then we destroy them. If we also have two netdevs (first one need only be a wdev though) then we can find one during the first iteration, close it, and go to the second iteration -- but then find two, and try to destroy also the one we didn't close yet. Fix this by only iterating once.

Vendor	Product	Versions
Linux	Linux	affected `ea6b2098dd02789f68770fd3d5a373732207be2f - < 241e633cb379c4f332fc1baf2abec95ec840cbeb` affected `ea6b2098dd02789f68770fd3d5a373732207be2f - < c979f792a2baf6d0f3419587668a1a6eba46a3d2` affected `ea6b2098dd02789f68770fd3d5a373732207be2f - < f0a6fd1527067da537e9c48390237488719948ed` affected `2e4f97122f3a9df870dfe9671994136448890768` affected `5.12.1 - < 5.13`
Linux	Linux	affected `5.13` unaffected `0 - < 5.13` unaffected `5.15.25 - <= 5.15.` unaffected `5.16.11 - <= 5.16.` unaffected `5.17 - <= *`

References

https://git.kernel.org/stable/c/241e633cb379c4f332fc1baf2abec95ec840cbeb

https://git.kernel.org/stable/c/c979f792a2baf6d0f3419587668a1a6eba46a3d2

https://git.kernel.org/stable/c/f0a6fd1527067da537e9c48390237488719948ed

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-48784

Description

Affected Products

References