CVE-2022-48939

bpf: Add schedule points in batch ops

Description

In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing prevents batch ops to process huge amount of data, we need to add schedule points in them. Note that maybe_wait_bpf_programs(map) calls from generic_map_delete_batch() can be factorized by moving the call after the loop. This will be done later in -next tree once we get this fix merged, unless there is strong opinion doing this optimization sooner.

Category

3.3
CVSS
Severity: Low
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7ef94bfb08fb9e73defafbd5ddef6b5a0e2ee12b patch
https://git.kernel.org/stable/c/8628f489b749a4f9767991631921dbe3fbcdc784 patch
https://git.kernel.org/stable/c/7e8099967d0e3ff9d1ae043e80b27fbe46c08417 patch
https://git.kernel.org/stable/c/75134f16e7dd0007aa474b281935c5f42e79f2c8 patch

Frequently Asked Questions

What is the severity of CVE-2022-48939?
CVE-2022-48939 has been scored as a low severity vulnerability.
How to fix CVE-2022-48939?
To fix CVE-2022-48939, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-48939 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-48939 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-48939?
CVE-2022-48939 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.