CVE-2022-49964

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level<br /> <br /> Though acpi_find_last_cache_level() always returned signed value and the<br /> document states it will return any errors caused by lack of a PPTT table,<br /> it never returned negative values before.<br /> <br /> Commit 0c80f9e165f8 ("ACPI: PPTT: Leave the table mapped for the runtime usage")<br /> however changed it by returning -ENOENT if no PPTT was found. The value<br /> returned from acpi_find_last_cache_level() is then assigned to unsigned<br /> fw_level.<br /> <br /> It will result in the number of cache leaves calculated incorrectly as<br /> a huge value which will then cause the following warning from __alloc_pages<br /> as the order would be great than MAX_ORDER because of incorrect and huge<br /> cache leaves value.<br /> <br /> | WARNING: CPU: 0 PID: 1 at mm/page_alloc.c:5407 __alloc_pages+0x74/0x314<br /> | Modules linked in:<br /> | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-10393-g7c2a8d3ac4c0 #73<br /> | pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> | pc : __alloc_pages+0x74/0x314<br /> | lr : alloc_pages+0xe8/0x318<br /> | Call trace:<br /> | __alloc_pages+0x74/0x314<br /> | alloc_pages+0xe8/0x318<br /> | kmalloc_order_trace+0x68/0x1dc<br /> | __kmalloc+0x240/0x338<br /> | detect_cache_attributes+0xe0/0x56c<br /> | update_siblings_masks+0x38/0x284<br /> | store_cpu_topology+0x78/0x84<br /> | smp_prepare_cpus+0x48/0x134<br /> | kernel_init_freeable+0xc4/0x14c<br /> | kernel_init+0x2c/0x1b4<br /> | ret_from_fork+0x10/0x20<br /> <br /> Fix the same by changing fw_level to be signed integer and return the<br /> error from init_cache_level() early in case of error.