CVE-2022-49353

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
26/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/papr_scm: don't request stats with '0' sized stats buffer

Sachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being reported with vPMEM when papr_scm probe is being called. The panic is of the form below and is observed only with the following option disabled (profile) for the said LPAR, 'Enable Performance Information Collection' in the HMC:

Kernel attempted to write user page (1c) - exploit attempt? (uid: 0)
BUG: Kernel NULL pointer dereference on write at 0x0000001c
Faulting instruction address: 0xc008000001b90844
Oops: Kernel access of bad area, sig: 11 [#1]

NIP [c008000001b90844] drc_pmem_query_stats+0x5c/0x270 [papr_scm]
LR [c008000001b92794] papr_scm_probe+0x2ac/0x6ec [papr_scm]
Call Trace:
0xc00000000941bca0 (unreliable)
papr_scm_probe+0x2ac/0x6ec [papr_scm]
platform_probe+0x98/0x150
really_probe+0xfc/0x510
__driver_probe_device+0x17c/0x230

---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Fatal exception

On investigation it looks like this panic was caused by a 'stat_buffer' of size==0 being provided to drc_pmem_query_stats() to fetch all performance stats-ids of an NVDIMM. However, drc_pmem_query_stats() shouldn't have been called, since the vPMEM NVDIMM doesn't support any performance stat-ids. This was caused by a missing check for 'p->stat_buffer_len' at the beginning of papr_scm_pmu_check_events(), which indicates that the NVDIMM doesn't support performance-stats.

Fix this by introducing the check for 'p->stat_buffer_len' at the beginning of papr_scm_pmu_check_events().

[1] https://lore.kernel.org/all/6B3A522A-6A5F-4CC9-B268-0C63AA6E07D3@linux.ibm.com
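The description above names the missing guard; what follows is an added userspace C model of the unpatched and patched shapes of papr_scm_pmu_check_events(), not the kernel's code and not part of this CVE record. It assumes a simplified priv struct and a stand-in query function; the one real kernel behaviour it mimics is that kzalloc(0) returns the non-NULL ZERO_SIZE_PTR sentinel, which is why a NULL check after allocation does not stop a zero-sized request and why the fix has to test stat_buffer_len before querying.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical userspace model of the bug, not the kernel's code. kzalloc(0)
 * returns ZERO_SIZE_PTR ((void *)16), non-NULL, so a NULL check misses it. */
#define ZERO_SIZE_PTR_MODEL ((uint8_t *)16)
struct priv_model {
    size_t stat_buffer_len;   /* 0 means the NVDIMM exposes no performance stats */
    uint8_t backing[64];      /* constructed stand-in for a real allocation */
};

/* Model of drc_pmem_query_stats(): the query writes a response header into
 * the caller's buffer. Where the real driver faulted (the write at 0x1c in
 * the oops), the model reports -EFAULT instead of touching bad memory. */
static int query_stats_model(uint8_t *buf, size_t len)
{
    if (buf == ZERO_SIZE_PTR_MODEL || len < 16)
        return -EFAULT;       /* header write would land outside any buffer */
    memset(buf, 0, 16);       /* constructed header placeholder */
    return 0;
}

/* Unpatched shape of papr_scm_pmu_check_events(): allocates and queries
 * without first checking stat_buffer_len. */
static int check_events_unpatched(struct priv_model *p)
{
    /* kzalloc model: sentinel for size 0, backing store otherwise */
    uint8_t *stats = p->stat_buffer_len == 0 ? ZERO_SIZE_PTR_MODEL
                   : p->stat_buffer_len <= sizeof(p->backing) ? p->backing : NULL;
    if (stats == NULL)
        return -ENOMEM;       /* the sentinel slips past this check */
    return query_stats_model(stats, p->stat_buffer_len);
}

/* Patched shape: bail out when the NVDIMM reports no stats buffer at all. */
static int check_events_patched(struct priv_model *p)
{
    if (p->stat_buffer_len == 0)
        return -ENOENT;
    return check_events_unpatched(p);
}

/* Driver for both shapes on a constructed device; returns the error code. */
static int run_check(size_t stat_buffer_len, int patched)
{
    struct priv_model p = { .stat_buffer_len = stat_buffer_len };
    return patched ? check_events_patched(&p) : check_events_unpatched(&p);
}
```

With stat_buffer_len set to 0 the unpatched path reaches the query and the model reports the bad write as -EFAULT, while the patched path returns -ENOENT before any query is made.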

Impact