CVE-2022-49698

In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom bh might occur while updating per-cpu rnd_state from user context, ie. local_out path. BUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725 caller is nft_ng_random_eval+0x24/0x54 [nft_numgen] Call Trace: check_preemption_disabled+0xde/0xe0 nft_ng_random_eval+0x24/0x54 [nft_numgen] Use the random driver instead, this also avoids need for local prandom state. Moreover, prandom now uses the random driver since d4150779e60f ("random32: use real rng for non-deterministic randomness"). Based on earlier patch from Pablo Neira.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/15cc30ac2a8d7185f8ebf97dd1ddd90a7c79783b	Patch
https://git.kernel.org/stable/c/6ce71f83f798be7e1ca68707fec449fbecb38852	Patch
https://git.kernel.org/stable/c/b1fd94e704571f98b21027340eecf821b2bdffba	Patch
https://git.kernel.org/stable/c/d0906b0fffc9f19bc42708ca3e84e2089088386c	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc3::::::

History

24 Oct 2025, 19:11

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: el uso de get_random_u32 en lugar de prandom bh podría ocurrir mientras se actualiza rnd_state por CPU desde el contexto del usuario, es decir, la ruta local_out. ERROR: uso de smp_processor_id() en código preemptible [00000000]: el llamador de nginx/2725 es nft_ng_random_eval+0x24/0x54 [nft_numgen] Rastreo de llamadas: check_preemption_disabled+0xde/0xe0 nft_ng_random_eval+0x24/0x54 [nft_numgen] Use el controlador aleatorio en su lugar, esto también evita la necesidad de un estado prandom local. Además, prandom ahora usa el controlador aleatorio desde d4150779e60f ("random32: use real rng for non-deterministic randomness"). Basado en un parche anterior de Pablo Neira.
References	~~() https://git.kernel.org/stable/c/15cc30ac2a8d7185f8ebf97dd1ddd90a7c79783b -~~	() https://git.kernel.org/stable/c/15cc30ac2a8d7185f8ebf97dd1ddd90a7c79783b - Patch
References	~~() https://git.kernel.org/stable/c/6ce71f83f798be7e1ca68707fec449fbecb38852 -~~	() https://git.kernel.org/stable/c/6ce71f83f798be7e1ca68707fec449fbecb38852 - Patch
References	~~() https://git.kernel.org/stable/c/b1fd94e704571f98b21027340eecf821b2bdffba -~~	() https://git.kernel.org/stable/c/b1fd94e704571f98b21027340eecf821b2bdffba - Patch
References	~~() https://git.kernel.org/stable/c/d0906b0fffc9f19bc42708ca3e84e2089088386c -~~	() https://git.kernel.org/stable/c/d0906b0fffc9f19bc42708ca3e84e2089088386c - Patch
CPE		cpe:2.3:o:linux:linux_kernel:5.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:5.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
CWE		NVD-CWE-noinfo
First Time		Linux Linux linux Kernel

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-10-24 19:11

NVD link : CVE-2022-49698

Mitre link : CVE-2022-49698

CVE.ORG link : CVE-2022-49698

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

7.8 /10