CVE-2022-48752

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48752
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48752.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48752
Downstream
Related
Published
2024-06-20T11:13:33Z
Modified
2025-10-08T06:51:02.650328Z
Summary
powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending
Details

In the Linux kernel, the following vulnerability has been resolved:

powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending

Running selftest with CONFIG_PPC_IRQ_SOFT_MASK_DEBUG enabled in kernel triggered below warning:

[ 172.851380] ------------[ cut here ]------------
[ 172.851391] WARNING: CPU: 8 PID: 2901 at arch/powerpc/include/asm/hw_irq.h:246 power_pmu_disable+0x270/0x280
[ 172.851402] Modules linked in: dm_mod bonding nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink sunrpc xfs libcrc32c pseries_rng xts vmx_crypto uio_pdrv_genirq uio sch_fq_codel ip_tables ext4 mbcache jbd2 sd_mod t10_pi sg ibmvscsi ibmveth scsi_transport_srp fuse
[ 172.851442] CPU: 8 PID: 2901 Comm: lost_exception_ Not tainted 5.16.0-rc5-03218-g798527287598 #2
[ 172.851451] NIP: c00000000013d600 LR: c00000000013d5a4 CTR: c00000000013b180
[ 172.851458] REGS: c000000017687860 TRAP: 0700 Not tainted (5.16.0-rc5-03218-g798527287598)
[ 172.851465] MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 48004884 XER: 20040000
[ 172.851482] CFAR: c00000000013d5b4 IRQMASK: 1
[ 172.851482] GPR00: c00000000013d5a4 c000000017687b00 c000000002a10600 0000000000000004
[ 172.851482] GPR04: 0000000082004000 c0000008ba08f0a8 0000000000000000 00000008b7ed0000
[ 172.851482] GPR08: 00000000446194f6 0000000000008000 c00000000013b118 c000000000d58e68
[ 172.851482] GPR12: c00000000013d390 c00000001ec54a80 0000000000000000 0000000000000000
[ 172.851482] GPR16: 0000000000000000 0000000000000000 c000000015d5c708 c0000000025396d0
[ 172.851482] GPR20: 0000000000000000 0000000000000000 c00000000a3bbf40 0000000000000003
[ 172.851482] GPR24: 0000000000000000 c0000008ba097400 c0000000161e0d00 c00000000a3bb600
[ 172.851482] GPR28: c000000015d5c700 0000000000000001 0000000082384090 c0000008ba0020d8
[ 172.851549] NIP [c00000000013d600] power_pmu_disable+0x270/0x280
[ 172.851557] LR [c00000000013d5a4] power_pmu_disable+0x214/0x280
[ 172.851565] Call Trace:
[ 172.851568] [c000000017687b00] [c00000000013d5a4] power_pmu_disable+0x214/0x280 (unreliable)
[ 172.851579] [c000000017687b40] [c0000000003403ac] perf_pmu_disable+0x4c/0x60
[ 172.851588] [c000000017687b60] [c0000000003445e4] __perf_event_task_sched_out+0x1d4/0x660
[ 172.851596] [c000000017687c50] [c000000000d1175c] __schedule+0xbcc/0x12a0
[ 172.851602] [c000000017687d60] [c000000000d11ea8] schedule+0x78/0x140
[ 172.851608] [c000000017687d90] [c0000000001a8080] sys_sched_yield+0x20/0x40
[ 172.851615] [c000000017687db0] [c0000000000334dc] system_call_exception+0x18c/0x380
[ 172.851622] [c000000017687e10] [c00000000000c74c] system_call_common+0xec/0x268

The warning indicates that MSR_EE being set (interrupt enabled) when there was an overflown PMC detected. This could happen in power_pmu_disable since it runs under interrupt soft disable condition (local_irq_save) and not with interrupts hard disabled. Commit 2c9ac51b850d ("powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC") intended to clear PMI pending bit in Paca when disabling the PMU. It could happen that PMC gets overflown while code is in power_pmu_disable callback function. Hence add a check to see if PMI pending bit is set in Paca before clearing it via clear_pmi_pending.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ef798cd035f316a537fee8ed170c127f12407085
Fixed
55402a4618721f350a9ab660bb42717d8aa18e7c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fadcafa3959281ce2d96feedece8c75c3f95f8a5
Fixed
28aaed966e76807a71de79dd40a8eee9042374dd
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
215a90ce3754fe509efbce6b73a4bb643c7e7528
Fixed
fa4ad064a6bd49208221df5e62adf27b426d1720
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2c9ac51b850d84ee496b0a5d832ce66d411ae552
Fixed
fb6433b48a178d4672cb26632454ee0b21056eaa

Affected versions

v5.*

v5.10.94
v5.10.95
v5.15.17
v5.15.18
v5.16
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.3
v5.16.4
v5.17-rc1

Database specific


Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.10.94
Fixed
5.10.96
Type
ECOSYSTEM
Events
Introduced
5.15.17
Fixed
5.15.19
Type
ECOSYSTEM
Events
Introduced
5.16.3
Fixed
5.16.5