CVE-2022-50230

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-50230
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50230.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50230
Downstream
Published
2025-06-18T11:04:06Z
Modified
2025-10-16T06:48:20.099798Z
Summary
arm64: set UXN on swapper page tables
Details

In the Linux kernel, the following vulnerability has been resolved:

arm64: set UXN on swapper page tables

[ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large refactoring of the arm64 boot flow. This simple fix is therefore preferred for -stable backporting ]

On a system that implements FEATEPAN, read/write access to the idmap is denied because UXN is not set on the swapper PTEs. As a result, idmapkptiinstallngmappings panics the kernel when accessing _idmapkptiflag. Fix it by setting UXN on these PTEs.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
18107f8a2df6bf1c6cac8d0713f757f866d5af51
Fixed
9283e708a9b8529e7aafac9ab5c5c79a9fab8846
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
18107f8a2df6bf1c6cac8d0713f757f866d5af51
Fixed
c3cee924bd855184d15bc4aa6088dcf8e2c1394c

Affected versions

v5.*

v5.12
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c3cee924bd855184d15bc4aa6088dcf8e2c1394c",
        "signature_version": "v1",
        "target": {
            "function": "paging_init",
            "file": "arch/arm64/mm/mmu.c"
        },
        "digest": {
            "function_hash": "82330200697673335372597973066776512225",
            "length": 426.0
        },
        "id": "CVE-2022-50230-38538c76"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c3cee924bd855184d15bc4aa6088dcf8e2c1394c",
        "signature_version": "v1",
        "target": {
            "file": "arch/arm64/mm/mmu.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "34028416160447483806562655426375619884",
                "190388467713600494622170557177536062951",
                "227617969726944583763367795325012702099",
                "187820742443352735330060647117127422275",
                "290769937157585924455781113617212255631",
                "90484158722437318461048618202179289178",
                "18897070344871461206673163287671936908",
                "77815837401738578080405817767593518597",
                "6793914066014216538223593355057246032",
                "171063294696719585450134581695722801252",
                "270096704480498375689434467625264803671",
                "39384581313273946389704356714930359713",
                "232027824551155305080313411277133577849",
                "57854298232146873278227890625531748900"
            ]
        },
        "id": "CVE-2022-50230-790e998f"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c3cee924bd855184d15bc4aa6088dcf8e2c1394c",
        "signature_version": "v1",
        "target": {
            "file": "arch/arm64/include/asm/kernel-pgtable.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "327892130325109029480489297356604233283",
                "71734388821128010166035172852462043457",
                "320215778404595278949868419242003230701",
                "115584937378444169183098770577973031319",
                "324723549656773592822040310492005512954",
                "270638501489813482845755054250527356689",
                "214970271167890379189281136852339058027",
                "327892130325109029480489297356604233283",
                "71734388821128010166035172852462043457",
                "233557843046479140734566775282309524309",
                "319358207898728010128483523687495315903"
            ]
        },
        "id": "CVE-2022-50230-e1095a00"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.13.0
Fixed
5.19.1