CVE-2022-49666

Severity: MEDIUM · CVSS 3.1: 5.5 · EPSS: 14.6%
Published: Feb 26, 2025 · Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/memhotplug: Add add_pages override for PPC

With commit ffa0b64e3be5 ("powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit") the kernel now validates the addr against high_memory value. This results in the below BUG_ON with dax pfns.

[ 635.798741][T26531] kernel BUG at mm/page_alloc.c:5521!
1:mon> e
cpu 0x1: Vector: 700 (Program Check) at [c000000007287630]
    pc: c00000000055ed48: free_pages.part.0+0x48/0x110
    lr: c00000000053ca70: tlb_finish_mmu+0x80/0xd0
    sp: c0000000072878d0
   msr: 800000000282b033
  current = 0xc00000000afabe00
  paca = 0xc00000037ffff300 irqmask: 0x03 irq_happened: 0x05
    pid = 26531, comm = 50-landscape-sy
kernel BUG at :5521!
Linux version 5.19.0-rc3-14659-g4ec05be7c2e1 (kvaneesh@ltc-boston8) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #625 SMP Thu Jun 23 00:35:43 CDT 2022
1:mon> t
[link register ] c00000000053ca70 tlb_finish_mmu+0x80/0xd0
[c0000000072878d0] c00000000053ca54 tlb_finish_mmu+0x64/0xd0 (unreliable)
[c000000007287900] c000000000539424 exit_mmap+0xe4/0x2a0
[c0000000072879e0] c00000000019fc1c mmput+0xcc/0x210
[c000000007287a20] c000000000629230 begin_new_exec+0x5e0/0xf40
[c000000007287ae0] c00000000070b3cc load_elf_binary+0x3ac/0x1e00
[c000000007287c10] c000000000627af0 bprm_execve+0x3b0/0xaf0
[c000000007287cd0] c000000000628414 do_execveat_common.isra.0+0x1e4/0x310
[c000000007287d80] c00000000062858c sys_execve+0x4c/0x60
[c000000007287db0] c00000000002c1b0 system_call_exception+0x160/0x2c0
[c000000007287e10] c00000000000c53c system_call_common+0xec/0x250

The fix is to make sure we update high_memory on memory hotplug. This is similar to what x86 does in commit 3072e413e305 ("mm/memory_hotplug: introduce add_pages").

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 14.6% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Affected Products 17

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.4.190 – <5.5
linux   linux_kernel  *        ≥5.10.111 – <5.11
linux   linux_kernel  *        ≥5.15.34 – <5.15.53
linux   linux_kernel  *        ≥5.16.20 – <5.17
linux   linux_kernel  *        ≥5.17.3 – <5.18
linux   linux_kernel  *        ≥5.18.1 – <5.18.10
linux   linux_kernel  5.18     any
linux   linux_kernel  5.18     any
linux   linux_kernel  5.18     any
linux   linux_kernel  5.18     any
linux   linux_kernel  5.18     any
linux   linux_kernel  5.18     any
linux   linux_kernel  5.18     any
linux   linux_kernel  5.19     any
linux   linux_kernel  5.19     any
linux   linux_kernel  5.19     any
linux   linux_kernel  5.19     any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/84d146fd35a01b08e9515041de60f0f915a417d5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/89296ac435e2cf8a5101f7fab8f0c7b754b92052
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac790d09885d36143076e7e02825c541e8eee899
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/84d146fd35a01b08e9515041de60f0f915a417d5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/89296ac435e2cf8a5101f7fab8f0c7b754b92052
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ac790d09885d36143076e7e02825c541e8eee899
    Patch