一、 漏洞 CVE-2022-48996 基础信息
漏洞标题
damon_sysfs_set_schemes()在线调整时对空方案假设错误漏洞
来源:AIGC 神龙大模型
漏洞描述信息
在Linux内核中,已修复以下漏洞: mm/damon/sysfs: 在damon_sysfs_set_schemes()中修复在线调优时错误的空方案假设 提交da87878010e5 ("mm/damon/sysfs: 支持在线输入更新") 使得damon_sysfs_set_schemes()被调用,用于更新正在运行的DAMON上下文,该上下文可能包含方案。在这种情况下,DAMON sysfs接口应更新、移除或添加方案以反映sysfs文件。然而,代码假设DAMON上下文根本不会有任何方案,因此创建并添加了新的方案。结果,代码未能按预期进行在线方案调优,并可能导致内存占用超出预期。尽管如此,所有方案都在DAMON上下文中,因此不会造成内存泄漏。 移除damon_sysfs_set_schemes()中错误的假设(DAMON上下文不会有任何方案)来修复该漏洞。
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
来源:AIGC 神龙大模型
漏洞类别
输入验证不恰当
来源:AIGC 神龙大模型
漏洞标题
mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes()
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes() Commit da87878010e5 ("mm/damon/sysfs: support online inputs update") made 'damon_sysfs_set_schemes()' to be called for running DAMON context, which could have schemes. In the case, DAMON sysfs interface is supposed to update, remove, or add schemes to reflect the sysfs files. However, the code is assuming the DAMON context wouldn't have schemes at all, and therefore creates and adds new schemes. As a result, the code doesn't work as intended for online schemes tuning and could have more than expected memory footprint. The schemes are all in the DAMON context, so it doesn't leak the memory, though. Remove the wrong asssumption (the DAMON context wouldn't have schemes) in 'damon_sysfs_set_schemes()' to fix the bug.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Linux kernel 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于在线调整方案时错误的空方案假设。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2022-48996 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2022-48996 的情报信息

  • 标题: mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    神龙速读
    mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes() - kernel/git/stable/linux.git - Linux kernel stable tree
  • https://nvd.nist.gov/vuln/detail/CVE-2022-48996