| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/papr_scm: don't requests stats with '0' sized stats buffer\n\nSachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being\nreported with vPMEM when papr_scm probe is being called. The panic is of the\nform below and is observed only with following option disabled(profile) for the\nsaid LPAR 'Enable Performance Information Collection' in the HMC:\n\n Kernel attempted to write user page (1c) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on write at 0x0000001c\n Faulting instruction address: 0xc008000001b90844\n Oops: Kernel access of bad area, sig: 11 [#1]\n<snip>\n NIP [c008000001b90844] drc_pmem_query_stats+0x5c/0x270 [papr_scm]\n LR [c008000001b92794] papr_scm_probe+0x2ac/0x6ec [papr_scm]\n Call Trace:\n 0xc00000000941bca0 (unreliable)\n papr_scm_probe+0x2ac/0x6ec [papr_scm]\n platform_probe+0x98/0x150\n really_probe+0xfc/0x510\n __driver_probe_device+0x17c/0x230\n<snip>\n ---[ end trace 0000000000000000 ]---\n Kernel panic - not syncing: Fatal exception\n\nOn investigation looks like this panic was caused due to a 'stat_buffer' of\nsize==0 being provided to drc_pmem_query_stats() to fetch all performance\nstats-ids of an NVDIMM. However drc_pmem_query_stats() shouldn't have been called\nsince the vPMEM NVDIMM doesn't support and performance stat-id's. This was caused\ndue to missing check for 'p->stat_buffer_len' at the beginning of\npapr_scm_pmu_check_events() which indicates that the NVDIMM doesn't support\nperformance-stats.\n\nFix this by introducing the check for 'p->stat_buffer_len' at the beginning of\npapr_scm_pmu_check_events().\n\n[1] https://lore.kernel.org/all/6B3A522A-6A5F-4CC9-B268-0C63AA6E07D3@linux.ibm.com" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "arch/powerpc/platforms/pseries/papr_scm.c" |
| ], |
| "versions": [ |
| { |
| "version": "b073096df4dec70d0436321b7093bad27ae91f9e", |
| "lessThan": "e1295aab2ebcda1c1a9ed342baedc080e5c393e5", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "0e0946e22f3665d27325d389ff45ade6e93f3678", |
| "lessThan": "07bf9431b1590d1cd7a8d62075d0b50b073f0495", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "arch/powerpc/platforms/pseries/papr_scm.c" |
| ], |
| "versions": [ |
| { |
| "version": "5.18.3", |
| "lessThan": "5.18.4", |
| "status": "affected", |
| "versionType": "semver" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.18.3", |
| "versionEndExcluding": "5.18.4" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/e1295aab2ebcda1c1a9ed342baedc080e5c393e5" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/07bf9431b1590d1cd7a8d62075d0b50b073f0495" |
| } |
| ], |
| "title": "powerpc/papr_scm: don't requests stats with '0' sized stats buffer", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2022-49353", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
