{"id":"CVE-2022-48931","summary":"configfs: fix a race in configfs_{,un}register_subsystem()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nconfigfs: fix a race in configfs_{,un}register_subsystem()\n\nWhen configfs_register_subsystem() or configfs_unregister_subsystem()\nis executing link_group() or unlink_group(),\nit is possible that two processes add or delete list concurrently.\nSome unfortunate interleavings of them can cause kernel panic.\n\nOne of cases is:\nA --\u003e B --\u003e C --\u003e D\nA \u003c-- B \u003c-- C \u003c-- D\n\n     delete list_head *B        |      delete list_head *C\n--------------------------------|-----------------------------------\nconfigfs_unregister_subsystem   |   configfs_unregister_subsystem\n  unlink_group                  |     unlink_group\n    unlink_obj                  |       unlink_obj\n      list_del_init             |         list_del_init\n        __list_del_entry        |           __list_del_entry\n          __list_del            |             __list_del\n            // next == C        |\n            next-\u003eprev = prev   |\n                                |               next-\u003eprev = prev\n            prev-\u003enext = next   |\n                                |                 // prev == B\n                                |                 prev-\u003enext = next\n\nFix this by adding mutex when calling link_group() or unlink_group(),\nbut parent configfs_subsystem is NULL when config_item is root.\nSo I create a mutex configfs_subsystem_mutex.","modified":"2026-04-02T08:27:09.508501Z","published":"2024-08-22T03:31:24.823Z","related":["SUSE-SU-2024:3189-1","SUSE-SU-2024:3190-1","SUSE-SU-2024:3209-1","SUSE-SU-2024:3227-1","SUSE-SU-2024:3251-1","SUSE-SU-2024:3252-1","SUSE-SU-2024:3408-1","SUSE-SU-2024:3483-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48931.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3aadfd46858b1f64d4d6a0654b863e21aabff975"},{"type":"WEB","url":"https://git.kernel.org/stable/c/40805099af11f68c5ca7dbcfacf455da8f99f622"},{"type":"WEB","url":"https://git.kernel.org/stable/c/84ec758fb2daa236026506868c8796b0500c047d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a37024f7757c25550accdebf49e497ad6ae239fe"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a7ab53d3c27dfe83bb594456b9f38a37796ec39b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b7e2b91fcb5c78c414e33dc8d50642e307ca0c5a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d1654de19d42f513b6cfe955cc77e7f427e05a77"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e7a66dd2687758718eddd79b542a95cf3aa488cc"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48931.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48931"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7063fbf2261194f72ee75afca67b3b38b554b5fa"},{"fixed":"40805099af11f68c5ca7dbcfacf455da8f99f622"},{"fixed":"d1654de19d42f513b6cfe955cc77e7f427e05a77"},{"fixed":"a37024f7757c25550accdebf49e497ad6ae239fe"},{"fixed":"b7e2b91fcb5c78c414e33dc8d50642e307ca0c5a"},{"fixed":"a7ab53d3c27dfe83bb594456b9f38a37796ec39b"},{"fixed":"e7a66dd2687758718eddd79b542a95cf3aa488cc"},{"fixed":"3aadfd46858b1f64d4d6a0654b863e21aabff975"},{"fixed":"84ec758fb2daa236026506868c8796b0500c047d"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48931.json"}}],"schema_version":"1.7.5"}