UBUNTU-CVE-2022-49698

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom bh might occur while updating per-cpu rnd_state from user context, ie. local_out path. BUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725 caller is nft_ng_random_eval+0x24/0x54 [nft_numgen] Call Trace: check_preemption_disabled+0xde/0xe0 nft_ng_random_eval+0x24/0x54 [nft_numgen] Use the random driver instead, this also avoids need for local prandom state. Moreover, prandom now uses the random driver since d4150779e60f ("random32: use real rng for non-deterministic randomness"). Based on earlier patch from Pablo Neira.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• ubuntu•linux

  < 5.4.0-225.245 | < 5.15.0-48.54

• ubuntu•linux-allwinner-5.19

  all

• ubuntu•linux-aws

  < 5.4.0-1154.164 | < 5.15.0-1020.24

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1020.24~20.04.1

• ubuntu•linux-aws-5.19

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1154.164~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  all

• ubuntu•linux-aws-6.5

  all

• ubuntu•linux-aws-fips

  < 5.4.0-1154.164+fips1 | all

• ubuntu•linux-azure

  all | all | < 5.4.0-1157.164 | < 5.15.0-1020.25

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1020.25~20.04.1

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  all | < 5.4.0-1157.164~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-6.2

  all

• ubuntu•linux-azure-6.5

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all | all

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fde-6.2

  all

• ubuntu•linux-azure-fips

  < 5.4.0-1158.165+fips1 | all

• ubuntu•linux-bluefield

  all | < 5.4.0-1116.123 | all

• ubuntu•linux-fips

  < 5.4.0-1128.138 | all

• ubuntu•linux-gcp

  all | < 5.4.0-1157.166 | < 5.15.0-1018.24

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1018.24~20.04.1

• ubuntu•linux-gcp-5.19

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1157.166~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.2

  all

• ubuntu•linux-gcp-6.5

  all

• ubuntu•linux-gcp-fips

  < 5.4.0-1157.166+fips1 | all

• ubuntu•linux-gke

  all | < 5.15.0-1016.19

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  all

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop

  all | < 5.15.0-1003.5

• ubuntu•linux-gkeop-5.15

  all

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  all

Showing first 50 affected entries in server-rendered view.

References (14)

• https://ubuntu.com/security/CVE-2022-49698
• https://www.cve.org/CVERecord?id=CVE-2022-49698
• https://git.kernel.org/linus/b1fd94e704571f98b21027340eecf821b2bdffba
• https://git.kernel.org/stable/c/15cc30ac2a8d7185f8ebf97dd1ddd90a7c79783b
• https://git.kernel.org/stable/c/6ce71f83f798be7e1ca68707fec449fbecb38852
• https://git.kernel.org/stable/c/b1fd94e704571f98b21027340eecf821b2bdffba
• https://git.kernel.org/stable/c/d0906b0fffc9f19bc42708ca3e84e2089088386c
• https://ubuntu.com/security/notices/USN-7990-1
• https://ubuntu.com/security/notices/USN-7990-2
• https://ubuntu.com/security/notices/USN-7990-3
• https://ubuntu.com/security/notices/USN-7990-4
• https://ubuntu.com/security/notices/USN-7990-5
• https://ubuntu.com/security/notices/USN-7990-6
• https://ubuntu.com/security/notices/USN-8224-1