CVE-2022-48752
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/06/2024
Last modified:
29/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending

Running selftest with CONFIG_PPC_IRQ_SOFT_MASK_DEBUG enabled in kernel
triggered below warning:

[ 172.851380] ------------[ cut here ]------------
[ 172.851391] WARNING: CPU: 8 PID: 2901 at arch/powerpc/include/asm/hw_irq.h:246 power_pmu_disable+0x270/0x280
[ 172.851402] Modules linked in: dm_mod bonding nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink sunrpc xfs libcrc32c pseries_rng xts vmx_crypto uio_pdrv_genirq uio sch_fq_codel ip_tables ext4 mbcache jbd2 sd_mod t10_pi sg ibmvscsi ibmveth scsi_transport_srp fuse
[ 172.851442] CPU: 8 PID: 2901 Comm: lost_exception_ Not tainted 5.16.0-rc5-03218-g798527287598 #2
[ 172.851451] NIP: c00000000013d600 LR: c00000000013d5a4 CTR: c00000000013b180
[ 172.851458] REGS: c000000017687860 TRAP: 0700 Not tainted (5.16.0-rc5-03218-g798527287598)
[ 172.851465] MSR: 8000000000029033 CR: 48004884 XER: 20040000
[ 172.851482] CFAR: c00000000013d5b4 IRQMASK: 1
[ 172.851482] GPR00: c00000000013d5a4 c000000017687b00 c000000002a10600 0000000000000004
[ 172.851482] GPR04: 0000000082004000 c0000008ba08f0a8 0000000000000000 00000008b7ed0000
[ 172.851482] GPR08: 00000000446194f6 0000000000008000 c00000000013b118 c000000000d58e68
[ 172.851482] GPR12: c00000000013d390 c00000001ec54a80 0000000000000000 0000000000000000
[ 172.851482] GPR16: 0000000000000000 0000000000000000 c000000015d5c708 c0000000025396d0
[ 172.851482] GPR20: 0000000000000000 0000000000000000 c00000000a3bbf40 0000000000000003
[ 172.851482] GPR24: 0000000000000000 c0000008ba097400 c0000000161e0d00 c00000000a3bb600
[ 172.851482] GPR28: c000000015d5c700 0000000000000001 0000000082384090 c0000008ba0020d8
[ 172.851549] NIP [c00000000013d600] power_pmu_disable+0x270/0x280
[ 172.851557] LR [c00000000013d5a4] power_pmu_disable+0x214/0x280
[ 172.851565] Call Trace:
[ 172.851568] [c000000017687b00] [c00000000013d5a4] power_pmu_disable+0x214/0x280 (unreliable)
[ 172.851579] [c000000017687b40] [c0000000003403ac] perf_pmu_disable+0x4c/0x60
[ 172.851588] [c000000017687b60] [c0000000003445e4] __perf_event_task_sched_out+0x1d4/0x660
[ 172.851596] [c000000017687c50] [c000000000d1175c] __schedule+0xbcc/0x12a0
[ 172.851602] [c000000017687d60] [c000000000d11ea8] schedule+0x78/0x140
[ 172.851608] [c000000017687d90] [c0000000001a8080] sys_sched_yield+0x20/0x40
[ 172.851615] [c000000017687db0] [c0000000000334dc] system_call_exception+0x18c/0x380
[ 172.851622] [c000000017687e10] [c00000000000c74c] system_call_common+0xec/0x268

The warning indicates that MSR_EE being set (interrupt enabled) when
there was an overflown PMC detected. This could happen in
power_pmu_disable since it runs under interrupt soft disable
condition (local_irq_save) and not with interrupts hard disabled.
commit 2c9ac51b850d ("powerpc/perf: Fix PMU callbacks to clear
pending PMI before resetting an overflown PMC") intended to clear
PMI pending bit in Paca when disabling the PMU. It could happen
that PMC gets overflown while code is in power_pmu_disable
callback function. Hence add a check to see if PMI pending bit
is set in Paca before clearing it via clear_pmi_pending.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10.94 (including) | 5.10.96 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15.17 (including) | 5.15.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16.3 (including) | 5.16.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/28aaed966e76807a71de79dd40a8eee9042374dd
- https://git.kernel.org/stable/c/55402a4618721f350a9ab660bb42717d8aa18e7c
- https://git.kernel.org/stable/c/fa4ad064a6bd49208221df5e62adf27b426d1720
- https://git.kernel.org/stable/c/fb6433b48a178d4672cb26632454ee0b21056eaa



