{"id":"CVE-2022-49698","summary":"netfilter: use get_random_u32 instead of prandom","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: use get_random_u32 instead of prandom\n\nbh might occur while updating per-cpu rnd_state from user context,\nie. local_out path.\n\nBUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725\ncaller is nft_ng_random_eval+0x24/0x54 [nft_numgen]\nCall Trace:\n check_preemption_disabled+0xde/0xe0\n nft_ng_random_eval+0x24/0x54 [nft_numgen]\n\nUse the random driver instead, this also avoids need for local prandom\nstate. Moreover, prandom now uses the random driver since d4150779e60f\n(\"random32: use real rng for non-deterministic randomness\").\n\nBased on earlier patch from Pablo Neira.","modified":"2026-04-02T08:27:50.776416Z","published":"2025-02-26T02:24:19.519Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49698.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/15cc30ac2a8d7185f8ebf97dd1ddd90a7c79783b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6ce71f83f798be7e1ca68707fec449fbecb38852"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b1fd94e704571f98b21027340eecf821b2bdffba"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d0906b0fffc9f19bc42708ca3e84e2089088386c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49698.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49698"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"978d8f9055c3a7c35db2ac99cd2580b993396e33"},{"fixed":"15cc30ac2a8d7185f8ebf97dd1ddd90a7c79783b"},{"fixed":"d0906b0fffc9f19bc42708ca3e84e2089088386c"},{"fixed":"6ce71f83f798be7e1ca68707fec449fbecb38852"},{"fixed":"b1fd94e704571f98b21027340eecf821b2bdffba"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49698.json"}}],"schema_version":"1.7.5"}