CVE-2022-49034
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 27/12/2024
Last modified: 03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected,
cpu_max_bits_warn() generates a runtime warning similar to the one below when
showing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)
instead of NR_CPUS to iterate CPUs.

[ 3.052463] ------------[ cut here ]------------
[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0
[ 3.070072] Modules linked in: efivarfs autofs4
[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052
[ 3.199917] Call Trace:
[ 3.203941] [] show_stack+0x38/0x14c
[ 3.210666] [] dump_stack_lvl+0x60/0x88
[ 3.217625] [] __warn+0xd0/0x100
[ 3.223958] [] warn_slowpath_fmt+0x7c/0xcc
[ 3.231150] [] show_cpuinfo+0x5e8/0x5f0
[ 3.238080] [] seq_read_iter+0x354/0x4b4
[ 3.245098] [] new_sync_read+0x17c/0x1c4
[ 3.252114] [] vfs_read+0x138/0x1d0
[ 3.258694] [] ksys_read+0x70/0x100
[ 3.265265] [] do_syscall+0x7c/0x94
[ 3.271820] [] handle_syscall+0xc4/0x160
[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 4.19.325 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.287 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.231 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.174 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.120 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.64 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.12 (including) | 6.12.2 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/09faf32c682ea4a547200b8b9e04d8b3c8e84b55
- https://git.kernel.org/stable/c/2b6b8e011fab680a223b5e07a3c64774156ec6fe
- https://git.kernel.org/stable/c/39373f6f89f52770a5405d30dddd08a27d097872
- https://git.kernel.org/stable/c/3c891f7c6a4e90bb1199497552f24b26e46383bc
- https://git.kernel.org/stable/c/701e32900683378d93693fec15d133e2c5f7ada2
- https://git.kernel.org/stable/c/77755dc95ff2f9a3e473acc1e039f498629949ea
- https://git.kernel.org/stable/c/8fbb57eabfc8ae67115cb47f904614c99d626a89
- https://git.kernel.org/stable/c/e2b91997db286a5dd3cca6d5d9c20004851f22eb
- https://git.kernel.org/stable/c/f8f26cf69003a37ffa947631fc0e6fe6daee624a
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html



