suse · CVE-2022-49698

Quick triage

Priority: medium Published: 2025-02-27 00:30:21 UTC Updated: 2025-12-23 02:33:48 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2022-49698 severity moderate: SUSE including 46 source package names (bpftool-4.18.0-425.3.1.el8, cluster-md-kmp-default, …), 261 product×package rows across 45 product lines (SLES-LTSS-TERADATA 15 SP2, SUSE Liberty Linux 8, … (45 product lines)): Known Not Affected 241, Fixed 20.

Description:

In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom bh might occur while updating per-cpu rnd_state from user context, ie. local_out path. BUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725 caller is nft_ng_random_eval+0x24/0x54 [nft_numgen] Call Trace: check_preemption_disabled+0xde/0xe0 nft_ng_random_eval+0x24/0x54 [nft_numgen] Use the random driver instead, this also avoids need for local prandom state. Moreover, prandom now uses the random driver since d4150779e60f ("random32: use real rng for non-deterministic randomness"). Based on earlier patch from Pablo Neira.

cvelogic Threat Intelligence