CVE-2022-49090

Severity: Medium (CVSS 3.1 base score 5.5) · EPSS 13.1%
Published Feb 26, 2025
Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

arch/arm64: Fix topology initialization for core scheduling

Arm64 systems rely on store_cpu_topology() to call update_siblings_masks() to transfer the topology to the various cpu masks. This needs to be done before the call to notify_cpu_starting() which tells the scheduler about each cpu found, otherwise the core scheduling data structures are setup in a way that does not match the actual topology.

With smt_mask not setup correctly we bail on `cpumask_weight(smt_mask) == 1` for !leaders in:

    notify_cpu_starting()
      cpuhp_invoke_callback_range()
        sched_cpu_starting()
          sched_core_cpu_starting()

which leads to rq->core not being correctly set for !leader-rq's.

Without this change stress-ng (which enables core scheduling in its prctl tests in newer versions -- i.e. with PR_SCHED_CORE support) causes a warning and then a crash (trimmed for legibility):

    [ 1853.805168] ------------[ cut here ]------------
    [ 1853.809784] task_rq(b)->core != rq->core
    [ 1853.809792] WARNING: CPU: 117 PID: 0 at kernel/sched/fair.c:11102 cfs_prio_less+0x1b4/0x1c4
    ...
    [ 1854.015210] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
    ...
    [ 1854.231256] Call trace:
    [ 1854.233689] pick_next_task+0x3dc/0x81c
    [ 1854.237512] __schedule+0x10c/0x4cc
    [ 1854.240988] schedule_idle+0x34/0x54

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
13.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 4

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.14 – <5.15.34
linux    linux_kernel   *         ≥5.16 – <5.16.20
linux    linux_kernel   *         ≥5.17 – <5.17.3
linux    linux_kernel   5.18      any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/5524cbb1bfcdff0cad0aaa9f94e6092002a07259
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/790c1567582bda8f1153015436e3330a7c6eb278
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/87f5d66daa5f457449bb95d6b8d18bb7596aa627
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c78a1b2d0bff678570c8dc9f14035606f5e5257d
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/5524cbb1bfcdff0cad0aaa9f94e6092002a07259
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/790c1567582bda8f1153015436e3330a7c6eb278
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/87f5d66daa5f457449bb95d6b8d18bb7596aa627
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c78a1b2d0bff678570c8dc9f14035606f5e5257d
    Patch