CVE-2022-48799

perf: Fix list corruption in perf_cgroup_switch()

Description

In the Linux kernel, the following vulnerability has been resolved: perf: Fix list corruption in perf_cgroup_switch() There's list corruption on cgrp_cpuctx_list. This happens on the following path: perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list) cpu_ctx_sched_in ctx_sched_in ctx_pinned_sched_in merge_sched_in perf_cgroup_event_disable: remove the event from the list Use list_for_each_entry_safe() to allow removing an entry during iteration.

N/A
CVSS
Severity:
EPSS 0.11%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186
https://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727
https://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45
https://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8
https://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a
https://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81
https://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0

Frequently Asked Questions

What is the severity of CVE-2022-48799?
CVE-2022-48799 has not yet been assigned a CVSS score.
How to fix CVE-2022-48799?
To fix CVE-2022-48799, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48799 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-48799 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48799?
CVE-2022-48799 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.