Amazon Linux AMI 2: CVE-2022-48988: Security patch for kernel (Multiple Advisories)

Amazon Linux AMI 2: CVE-2022-48988: Security patch for kernel (Multiple Advisories)

Severity

7

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

10/21/2024

Created

01/23/2025

Added

01/22/2025

Modified

01/30/2025

Description

In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcg_write_event_control() memcg_write_event_control() accesses the dentry->d_name of the specified control fd to route the write call.As a cgroup interface file can't be renamed, it's safe to access d_name as long as the specified file is a regular cgroup file.Also, as these cgroup interface files can't be removed before the directory, it's safe to access the parent too. Prior to 347c4a874710 ("memcg: remove cgroup_event->cft"), there was a call to __file_cft() which verified that the specified file is a regular cgroupfs file before further accesses.The cftype pointer returned from __file_cft() was no longer necessary and the commit inadvertently dropped the file type check with it allowing any file to slip through.With the invarients broken, the d_name and parent accesses can now race against renames and removals of arbitrary files and cause use-after-free's. Fix the bug by resurrecting the file type check in __file_cft().Now that cgroupfs is implemented through kernfs, checking the file operations needs to go through a layer of indirection.Instead, let's check the superblock and dentry type.

Solution(s)

• amazon-linux-ami-2-upgrade-bpftool
• amazon-linux-ami-2-upgrade-bpftool-debuginfo
• amazon-linux-ami-2-upgrade-kernel
• amazon-linux-ami-2-upgrade-kernel-debuginfo
• amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64
• amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64
• amazon-linux-ami-2-upgrade-kernel-devel
• amazon-linux-ami-2-upgrade-kernel-headers
• amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-304-226-531
• amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-162-141-675
• amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-86-53-137
• amazon-linux-ami-2-upgrade-kernel-tools
• amazon-linux-ami-2-upgrade-kernel-tools-debuginfo
• amazon-linux-ami-2-upgrade-kernel-tools-devel
• amazon-linux-ami-2-upgrade-perf
• amazon-linux-ami-2-upgrade-perf-debuginfo
• amazon-linux-ami-2-upgrade-python-perf
• amazon-linux-ami-2-upgrade-python-perf-debuginfo

References

• https://attackerkb.com/topics/cve-2022-48988
• AL2/ALAS-2023-1932
• AL2/ALASKERNEL-5.10-2023-025
• AL2/ALASKERNEL-5.15-2023-012
• AL2/ALASKERNEL-5.4-2023-041
• CVE - 2022-48988