CVE-2022-48671

cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()

References

https://cve.org/CVERecord/?id=CVE-2022-48671

Notes

 carnil> Introduced in 4f7e7236435ca0ab ("cgroup: Fix threadgroup_rwsem <->
 carnil> cpus_read_lock() deadlock"). Vulnerable versions: 4.19.280 5.4.213 5.10.143
 carnil> 5.15.68 5.19.9 6.0-rc3.

Bugs

Status

Branch	Status
4.19-buster-security	released (4.19.282-1)
4.19-upstream-stable	released (4.19.280) [321488cfac7d0eb6d97de467015ff754f85813ff]
5.10-bullseye-security	released (5.10.148-1)
5.10-upstream-stable	released (5.10.145) [9f267393b036f1470fb12fb892d59e7ff8aeb58d]
6.1-bookworm-security	N/A "Fixed before branching point"
6.1-upstream-stable	N/A "Fixed before branching point"
6.6-upstream-stable	N/A "Fixed before branching point"
6.8-upstream-stable	N/A "Fixed before branching point"
sid	released (5.19.11-1)
upstream	released (6.0-rc3) [43626dade36fa74d3329046f4ae2d7fdefe401c6]