CVE-2022-48780 in Linux
Summary
by MITRE • 07/16/2024
In the Linux kernel, the following vulnerability has been resolved:
net/smc: Avoid overwriting the copies of clcsock callback functions
The callback functions of clcsock will be saved and replaced during the fallback. But if the fallback happens more than once, then the copies of these callback functions will be overwritten incorrectly, resulting in a loop call issue:
clcsk->sk_error_report
 |- smc_fback_error_report() <------------------------------|
     |- smc_fback_forward_wakeup()                          | (loop)
         |- clcsock_callback()  (incorrectly overwritten)   |
             |- smc->clcsk_error_report() ------------------|
So this patch fixes the issue by saving these function pointers only once in the fallback and avoiding overwriting.
Analysis
by VulDB Data Team • 10/03/2025
CVE-2022-48780 is a flaw in the Linux kernel's net/smc subsystem, the implementation of SMC (Shared Memory Communications, the protocol behind SMC-R and SMC-D sockets). Every AF_SMC socket owns an internal TCP socket, the clcsock, named for the CLC (Connection Layer Control) handshake it carries; when SMC cannot be negotiated with the peer, the connection "falls back" and all traffic flows over that TCP socket instead. The flaw is in how the clcsock's callback function pointers are saved and replaced during that fallback, and its effect is an unbounded recursive call inside the kernel, so the practical impact is a denial of service on hosts that use SMC.
The root cause is how the fallback path manages function pointers. At fallback the kernel installs its own handlers on the clcsock (for the error-report case it sets clcsk->sk_error_report to smc_fback_error_report) and stores the displaced TCP handler in the smc_sock (smc->clcsk_error_report), so that the SMC handler can forward wake-ups to the original through smc_fback_forward_wakeup(). Before the fix the save was unconditional. If fallback ran a second time on the same socket, the clcsock's callback had already been replaced, so what got saved as the "original" was smc_fback_error_report itself: the forwarding handler now forwards to itself, and the call chain becomes a cycle. The same applies to the other clcsock callbacks that are saved and replaced the same way.
The impact is an unbounded recursion on the kernel stack rather than a spinning loop that a signal or timeout could break. When the TCP layer reports an error on the clcsock it calls clcsk->sk_error_report, which is smc_fback_error_report(); that calls smc_fback_forward_wakeup(), which calls the saved smc->clcsk_error_report(), which after the second fallback is smc_fback_error_report() again, and so on until the kernel stack is exhausted, which typically ends in an oops or panic. The outcome is a crash or a hung CPU on the affected host, which matters most where SMC is deployed for high-performance or RDMA-backed networking. Fallback itself is routine, since it happens whenever the peer does not support SMC, so the only precondition is a code path that switches the same socket to fallback more than once. A quick triage check is whether the kernel was built with CONFIG_SMC and whether the smc module is loaded (lsmod | grep '^smc'); hosts without it are not exposed.
The fix saves the clcsock callback pointers only once, on the first fallback, and leaves the saved copies untouched on later fallbacks. The live callbacks may still be replaced, but the saved "original" can no longer become the SMC forwarder, so the cycle cannot form and the fallback mechanism otherwise behaves as before. VulDB classifies the flaw under CWE-835 (infinite loop), the nearest CWE for an unbounded recursion, and maps it to ATT&CK T1499.004 (Endpoint Denial of Service: Application or System Exploitation), since the effect is a crash of the host rather than a network flood. The fix is in mainline; for a given host, confirm that the running kernel carries it, and note that distribution kernels backport by patch, so compare against the distribution's CVE tracker rather than the upstream version number alone.
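To make the root-cause and fix paragraphs above concrete, here is an added user-space model of the clcsock callback swap. It is example code written for this page, not kernel code and not from VulDB or the patch author: the identifiers clcsk, sk_error_report, sk_user_data, smc->clcsk_error_report and smc_fback_error_report mirror the kernel's, while the struct layouts, the fallback_vulnerable()/fallback_fixed() routines, the MAX_DEPTH guard and the two check functions are this example's own assumptions. The vulnerable routine saves unconditionally; the fixed one saves only once, as the commit message describes.

```c
/*
 * Added example (not kernel code, not from VulDB): a user-space model of the
 * clcsock callback swap that net/smc performs at fallback. Kernel-looking
 * names are borrowed; the structs, MAX_DEPTH and the driver functions are
 * this example's own simplifications.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Demo-only guard so the cycle can be reported instead of overflowing the
 * stack. The kernel has no such guard. */
#define MAX_DEPTH 32

struct sock;
typedef void (*sk_cb_t)(struct sock *sk);

struct sock {                   /* stands in for the clcsock's struct sock */
	sk_cb_t sk_error_report;    /* TCP normally points this at tcp_error_report */
	void   *sk_user_data;       /* back-pointer to the owning smc_sock */
};

struct smc_sock {
	struct sock *clcsk;            /* the internal TCP socket */
	sk_cb_t clcsk_error_report;    /* the "saved copy" of the original callback */
	int  depth;                    /* demo only: recursion depth of the forwarder */
	bool looped;                   /* demo only: set once depth exceeds MAX_DEPTH */
};

/* The original TCP handler: does its work and returns, so a chain that
 * reaches it terminates. */
static void tcp_error_report(struct sock *sk) { (void)sk; }

/* SMC's replacement handler. Like smc_fback_error_report() ->
 * smc_fback_forward_wakeup() in the kernel, it forwards to the saved
 * original callback. */
static void smc_fback_error_report(struct sock *clcsk)
{
	struct smc_sock *smc = clcsk->sk_user_data;

	if (++smc->depth > MAX_DEPTH) {     /* would recurse forever in the kernel */
		smc->looped = true;
		smc->depth--;
		return;
	}
	smc->clcsk_error_report(clcsk);     /* if this is ourselves, we recurse */
	smc->depth--;
}

/* Vulnerable swap: the save is unconditional. On the second fallback the
 * clcsock already points at smc_fback_error_report, so that is what gets
 * "saved" as the original. */
static void fallback_vulnerable(struct smc_sock *smc)
{
	smc->clcsk_error_report = smc->clcsk->sk_error_report;
	smc->clcsk->sk_error_report = smc_fback_error_report;
}

/* Fixed swap, modelled on the commit message ("save only once"): keep the
 * first saved copy, replace only the live callback on later calls. */
static void fallback_fixed(struct smc_sock *smc)
{
	if (!smc->clcsk_error_report)
		smc->clcsk_error_report = smc->clcsk->sk_error_report;
	smc->clcsk->sk_error_report = smc_fback_error_report;
}

/* Build a fresh socket pair and run `times` fallbacks with the given swap. */
static void set_up(struct sock *clcsk, struct smc_sock *smc,
		   void (*fallback)(struct smc_sock *), int times)
{
	*smc = (struct smc_sock){ .clcsk = clcsk };
	*clcsk = (struct sock){ .sk_error_report = tcp_error_report,
				.sk_user_data = smc };
	for (int i = 0; i < times; i++)
		fallback(smc);
}

/* Static check: does the saved "original" point back at the forwarder?
 * That pointer equality is exactly the condition for the cycle. */
bool saved_copy_points_back(void (*fallback)(struct smc_sock *), int times)
{
	struct sock clcsk;
	struct smc_sock smc;

	set_up(&clcsk, &smc, fallback, times);
	return smc.clcsk_error_report == smc_fback_error_report;
}

/* Dynamic check: deliver one error report the way the network stack would
 * and report whether the forwarder recursed past MAX_DEPTH. */
bool error_report_loops(void (*fallback)(struct smc_sock *), int times)
{
	struct sock clcsk;
	struct smc_sock smc;

	set_up(&clcsk, &smc, fallback, times);
	clcsk.sk_error_report(&clcsk);
	return smc.looped;
}

int main(void)
{
	printf("vulnerable, 1 fallback:  %s\n",
	       error_report_loops(fallback_vulnerable, 1) ? "LOOP" : "ok");
	printf("vulnerable, 2 fallbacks: %s\n",
	       error_report_loops(fallback_vulnerable, 2) ? "LOOP" : "ok");
	printf("fixed,      2 fallbacks: %s\n",
	       error_report_loops(fallback_fixed, 2) ? "LOOP" : "ok");
	return 0;
}
```

Compile with cc -std=c11 -Wall and run: one fallback through the vulnerable routine is fine, two fallbacks trip the depth guard, and the fixed routine stays clean however many times it is called. In the kernel there is no MAX_DEPTH, so the same recursion runs until the stack is exhausted. The pointer-equality check is the cheap way to confirm the cycle without firing the callback at all, which is the kind of invariant a unit test for this code path should assert.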