CVE-2022-49004
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49004
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49004.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49004
- Downstream
- Published
- 2024-10-21T20:06:17Z
- Modified
- 2025-10-15T15:24:04.926976Z
- Summary
- riscv: Sync efi page table's kernel mappings before switching
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
riscv: Sync efi page table's kernel mappings before switching
The EFI page table is initially created as a copy of the kernel page table. With VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area: if the stack is allocated in a new PGD (one that was not present at the moment of the efi page table creation or not synced in a previous vmalloc fault), the kernel will take a trap when switching to the efi page table when the vmalloc kernel stack is accessed, resulting in a kernel panic.
Fix that by updating the efi kernel mappings before switching to the efi page table.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb91540d52a08b65eb6a2b09132e1bd54fa82754cFixedfa7a7d185ef380546b4b1fed6f84f31dbae8cec7
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb91540d52a08b65eb6a2b09132e1bd54fa82754cFixed96f479383d92944406d4b3f2bc03c2f640def9f1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb91540d52a08b65eb6a2b09132e1bd54fa82754cFixed3f105a742725a1b78766a55169f1d827732e62b8
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.9
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.10
v6.0.11
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1-rc1
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"id": "CVE-2022-49004-75d4606a",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f105a742725a1b78766a55169f1d827732e62b8",
"signature_version": "v1",
"target": {
"file": "arch/riscv/include/asm/pgalloc.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"80052542167557743642803259556237104069",
"85989168431440359647387847769520390123",
"70442868856649406581124519731609392887",
"167863864084142734377041505439505760286",
"232834246587619865916675239161413118831",
"301921879062622841677630468087488848681",
"141944734761208967869090355298873770876",
"173204801785257581608607093118909778089",
"330246708910817385646140434267117872636"
]
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2022-49004-8003beda",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f105a742725a1b78766a55169f1d827732e62b8",
"signature_version": "v1",
"target": {
"file": "arch/riscv/include/asm/efi.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"144148680928865791865245889954534156814",
"130525756835473037000142205155262418190",
"148399542491930722060165691816755067796",
"12618210270438362073012983957033673799",
"213500566897654717411387975966748110995",
"268392796911724905095522936996758732109",
"27957317609811861982794090389836952489"
]
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2022-49004-935d24f7",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@96f479383d92944406d4b3f2bc03c2f640def9f1",
"signature_version": "v1",
"target": {
"file": "arch/riscv/include/asm/pgalloc.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"80052542167557743642803259556237104069",
"85989168431440359647387847769520390123",
"70442868856649406581124519731609392887",
"167863864084142734377041505439505760286",
"232834246587619865916675239161413118831",
"301921879062622841677630468087488848681",
"141944734761208967869090355298873770876",
"173204801785257581608607093118909778089",
"330246708910817385646140434267117872636"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2022-49004-d2879e28",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@96f479383d92944406d4b3f2bc03c2f640def9f1",
"signature_version": "v1",
"target": {
"function": "pgd_alloc",
"file": "arch/riscv/include/asm/pgalloc.h"
},
"digest": {
"function_hash": "235148724920168912427487037757702680149",
"length": 354.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2022-49004-d5d2a785",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@96f479383d92944406d4b3f2bc03c2f640def9f1",
"signature_version": "v1",
"target": {
"file": "arch/riscv/include/asm/efi.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"144148680928865791865245889954534156814",
"130525756835473037000142205155262418190",
"148399542491930722060165691816755067796",
"12618210270438362073012983957033673799",
"213500566897654717411387975966748110995",
"268392796911724905095522936996758732109",
"27957317609811861982794090389836952489"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2022-49004-f9a69e34",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f105a742725a1b78766a55169f1d827732e62b8",
"signature_version": "v1",
"target": {
"function": "pgd_alloc",
"file": "arch/riscv/include/asm/pgalloc.h"
},
"digest": {
"function_hash": "235148724920168912427487037757702680149",
"length": 354.0
},
"deprecated": false
}
]