CVE-2022-48713

Source: https://nvd.nist.gov/vuln/detail/CVE-2022-48713
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48713.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2022-48713
Published: 2024-06-20T11:13:07Z
Modified: 2025-10-08T06:51:10.384905Z
Summary
perf/x86/intel/pt: Fix crash with stop filters in single-range mode
Details

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/pt: Fix crash with stop filters in single-range mode

Add a check for !buf->single before calling pt_buffer_region_size in a place where a missing check can cause a kernel crash.

Fixes a bug introduced by commit 670638477aed ("perf/x86/intel/pt: Opportunistically use single range output mode"), which added support for PT single-range output mode. Since that commit, if a PT stop filter range is hit while tracing, the kernel will crash because of a null pointer dereference in pt_handle_status due to calling pt_buffer_region_size without a ToPA configured.

The commit which introduced single-range mode guarded almost all uses of the ToPA buffer variables with checks of the buf->single variable, but missed the case where tracing was stopped by the PT hardware, which happens when execution hits a configured stop filter.

Tested that hitting a stop filter while PT recording successfully records a trace with this patch but crashes without this patch.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Introduced: 670638477aede0d7a355ced04b569214aa3feacd
Fixed: 456f041e035913fcedb275aff6f8a71dfebcd394

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Introduced: 670638477aede0d7a355ced04b569214aa3feacd
Fixed: e83d941fd3445f660d2f43647c580a320cc384f6

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Introduced: 670638477aede0d7a355ced04b569214aa3feacd
Fixed: feffb6ae2c80b9a8206450cdef90f5943baced99

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Introduced: 670638477aede0d7a355ced04b569214aa3feacd
Fixed: 1d9093457b243061a9bba23543c38726e864a643

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.17-rc1
v5.17-rc2
v5.4
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

Database specific

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "37295644107410843474501253232603024830",
                    "279562048905469687201839766898193350185",
                    "107636030315136703708607248458412277467",
                    "134135382283369332045242256579438284766",
                    "128743393387118407159900571211545682084"
                ]
            },
            "id": "CVE-2022-48713-00512a4f",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d9093457b243061a9bba23543c38726e864a643",
            "deprecated": false,
            "target": {
                "file": "arch/x86/events/intel/pt.c"
            }
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "length": 865.0,
                "function_hash": "25718137314493774909540135801955319978"
            },
            "id": "CVE-2022-48713-184dcf28",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@feffb6ae2c80b9a8206450cdef90f5943baced99",
            "deprecated": false,
            "target": {
                "file": "arch/x86/events/intel/pt.c",
                "function": "pt_handle_status"
            }
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "length": 865.0,
                "function_hash": "25718137314493774909540135801955319978"
            },
            "id": "CVE-2022-48713-46bfa3f3",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d9093457b243061a9bba23543c38726e864a643",
            "deprecated": false,
            "target": {
                "file": "arch/x86/events/intel/pt.c",
                "function": "pt_handle_status"
            }
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "37295644107410843474501253232603024830",
                    "279562048905469687201839766898193350185",
                    "107636030315136703708607248458412277467",
                    "134135382283369332045242256579438284766",
                    "128743393387118407159900571211545682084"
                ]
            },
            "id": "CVE-2022-48713-64301f7b",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@feffb6ae2c80b9a8206450cdef90f5943baced99",
            "deprecated": false,
            "target": {
                "file": "arch/x86/events/intel/pt.c"
            }
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "length": 865.0,
                "function_hash": "25718137314493774909540135801955319978"
            },
            "id": "CVE-2022-48713-9135f30a",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@456f041e035913fcedb275aff6f8a71dfebcd394",
            "deprecated": false,
            "target": {
                "file": "arch/x86/events/intel/pt.c",
                "function": "pt_handle_status"
            }
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "37295644107410843474501253232603024830",
                    "279562048905469687201839766898193350185",
                    "107636030315136703708607248458412277467",
                    "134135382283369332045242256579438284766",
                    "128743393387118407159900571211545682084"
                ]
            },
            "id": "CVE-2022-48713-c48be9b5",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@456f041e035913fcedb275aff6f8a71dfebcd394",
            "deprecated": false,
            "target": {
                "file": "arch/x86/events/intel/pt.c"
            }
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "37295644107410843474501253232603024830",
                    "279562048905469687201839766898193350185",
                    "107636030315136703708607248458412277467",
                    "134135382283369332045242256579438284766",
                    "128743393387118407159900571211545682084"
                ]
            },
            "id": "CVE-2022-48713-dccea79f",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e83d941fd3445f660d2f43647c580a320cc384f6",
            "deprecated": false,
            "target": {
                "file": "arch/x86/events/intel/pt.c"
            }
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "length": 865.0,
                "function_hash": "25718137314493774909540135801955319978"
            },
            "id": "CVE-2022-48713-ff1737cd",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e83d941fd3445f660d2f43647c580a320cc384f6",
            "deprecated": false,
            "target": {
                "file": "arch/x86/events/intel/pt.c",
                "function": "pt_handle_status"
            }
        }
    ]
}

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Introduced: 5.5.0
Fixed: 5.10.99

Type: ECOSYSTEM
Introduced: 5.11.0
Fixed: 5.15.22

Type: ECOSYSTEM
Introduced: 5.16.0
Fixed: 5.16.8