{"vulnerability": "CVE-2022-48921", "sightings": [{"uuid": "40dcbacf-1d3b-4cda-b710-a6335eee9055", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-48921", "type": "seen", "source": "https://t.me/cvedetector/3853", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-48921 - Linux Kernel Sched/Fair Null Pointer Dereference Vulnerability in Red Hat Enterprise Linux\", \n  \"Content\": \"CVE ID : CVE-2022-48921 \nPublished : Aug. 22, 2024, 2:15 a.m. | 37\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nsched/fair: Fix fault in reweight_entity  \n  \nSyzbot found a GPF in reweight_entity. This has been bisected to  \ncommit 4ef0c5c6b5ba (\"kernel/sched: Fix sched_fork() access an invalid  \nsched_task_group\")  \n  \nThere\u00a0is a race between sched_post_fork() and setpriority(PRIO_PGRP)  \nwithin a thread group that causes a null-ptr-deref\u00a0in  \nreweight_entity() in CFS. The scenario is that the main process spawns  \nnumber of new threads, which then call setpriority(PRIO_PGRP, 0, -20),  \nwait, and exit.  For each of the new threads the copy_process() gets  \ninvoked, which adds the new task_struct and calls sched_post_fork()  \nfor it.  \n  \nIn the above scenario there is a possibility that  \nsetpriority(PRIO_PGRP) and set_one_prio() will be called for a thread  \nin the group that is just being created by copy_process(), and for  \nwhich the sched_post_fork() has not been executed yet. This will  \ntrigger a null pointer dereference in reweight_entity(),\u00a0as it will  \ntry to access the run queue pointer, which hasn't been set.  \n  \nBefore the mentioned change the cfs_rq pointer for the task  has been  \nset in sched_fork(), which is called much earlier in copy_process(),  \nbefore the new task is added to the thread_group.  Now it is done in  \nthe sched_post_fork(), which is called after that.  To fix the issue  \nthe remove the update_load param from the update_load param() function  \nand call reweight_task() only if the task flag doesn't have the  \nTASK_NEW flag set. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T05:07:52.000000Z"}]}