CVE-2022-48986
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/10/2024
Last modified:
01/11/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
mm/gup: fix gup_pud_range() for dax<br />
<br />
For dax pud, pud_huge() returns true on x86. So the function works as long<br />
as hugetlb is configured. However, dax doesn&#39;t depend on hugetlb.<br />
Commit 414fd080d125 ("mm/gup: fix gup_pmd_range() for dax") fixed<br />
devmap-backed huge PMDs, but missed devmap-backed huge PUDs. Fix this as<br />
well.<br />
<br />
This fixes the below kernel panic:<br />
<br />
general protection fault, probably for non-canonical address 0x69e7c000cc478: 0000 [#1] SMP<br />
<br />
Call Trace:<br />
<br />
get_user_pages_fast+0x1f/0x40<br />
iov_iter_get_pages+0xc6/0x3b0<br />
? mempool_alloc+0x5d/0x170<br />
bio_iov_iter_get_pages+0x82/0x4e0<br />
? bvec_alloc+0x91/0xc0<br />
? bio_alloc_bioset+0x19a/0x2a0<br />
blkdev_direct_IO+0x282/0x480<br />
? __io_complete_rw_common+0xc0/0xc0<br />
? filemap_range_has_page+0x82/0xc0<br />
generic_file_direct_write+0x9d/0x1a0<br />
? inode_update_time+0x24/0x30<br />
__generic_file_write_iter+0xbd/0x1e0<br />
blkdev_write_iter+0xb4/0x150<br />
? io_import_iovec+0x8d/0x340<br />
io_write+0xf9/0x300<br />
io_issue_sqe+0x3c3/0x1d30<br />
? sysvec_reschedule_ipi+0x6c/0x80<br />
__io_queue_sqe+0x33/0x240<br />
? fget+0x76/0xa0<br />
io_submit_sqes+0xe6a/0x18d0<br />
? __fget_light+0xd1/0x100<br />
__x64_sys_io_uring_enter+0x199/0x880<br />
? __context_tracking_enter+0x1f/0x70<br />
? irqentry_exit_to_user_mode+0x24/0x30<br />
? irqentry_exit+0x1d/0x30<br />
? __context_tracking_exit+0xe/0x70<br />
do_syscall_64+0x3b/0x90<br />
entry_SYSCALL_64_after_hwframe+0x61/0xcb<br />
RIP: 0033:0x7fc97c11a7be<br />
<br />
<br />
---[ end trace 48b2e0e67debcaeb ]---<br />
RIP: 0010:internal_get_user_pages_fast+0x340/0x990<br />
<br />
Kernel panic - not syncing: Fatal exception<br />
Kernel Offset: disabled
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.9.165 (including) | 4.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.108 (including) | 4.15 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.31 (including) | 4.20 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.0 (including) | 5.4.227 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.159 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.83 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.0.13 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/04edfa3dc06ecfc6133a33bc7271298782dee875
- https://git.kernel.org/stable/c/3ac29732a2ffa64c7de13a072b0f2848b9c11037
- https://git.kernel.org/stable/c/e06d13c36ded750c72521b600293befebb4e56c5
- https://git.kernel.org/stable/c/f1cf856123ceb766c49967ec79b841030fa1741f
- https://git.kernel.org/stable/c/fcd0ccd836ffad73d98a66f6fea7b16f735ea920