CVE-2022-49804
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
01/05/2025
Last modified:
07/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
s390: avoid using global register for current_stack_pointer<br />
<br />
Commit 30de14b1884b ("s390: current_stack_pointer shouldn&#39;t be a<br />
function") made current_stack_pointer a global register variable like<br />
on many other architectures. Unfortunately on s390 it uncovers old<br />
gcc bug which is fixed only since gcc-9.1 [gcc commit 3ad7fed1cc87<br />
("S/390: Fix PR89775. Stackpointer save/restore instructions removed")]<br />
and backported to gcc-8.4 and later. Due to this bug gcc versions prior<br />
to 8.4 generate broken code which leads to stack corruptions.<br />
<br />
Current minimal gcc version required to build the kernel is declared<br />
as 5.1. It is not possible to fix all old gcc versions, so work<br />
around this problem by avoiding using global register variable for<br />
current_stack_pointer.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.18.1 (including) | 6.0.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.18:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.18:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.18:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.18:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.18:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.18:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page