CVE-2022-48713

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48713
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48713.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48713
Downstream
Related
Published
2024-06-20T11:13:07Z
Modified
2025-10-15T16:06:35.864529Z
Summary
perf/x86/intel/pt: Fix crash with stop filters in single-range mode
Details

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/pt: Fix crash with stop filters in single-range mode

Add a check for !buf->single before calling ptbufferregion_size in a place where a missing check can cause a kernel crash.

Fixes a bug introduced by commit 670638477aed ("perf/x86/intel/pt: Opportunistically use single range output mode"), which added a support for PT single-range output mode. Since that commit if a PT stop filter range is hit while tracing, the kernel will crash because of a null pointer dereference in pthandlestatus due to calling ptbufferregion_size without a ToPA configured.

The commit which introduced single-range mode guarded almost all uses of the ToPA buffer variables with checks of the buf->single variable, but missed the case where tracing was stopped by the PT hardware, which happens when execution hits a configured stop filter.

Tested that hitting a stop filter while PT recording successfully records a trace with this patch but crashes without this patch.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
670638477aede0d7a355ced04b569214aa3feacd
Fixed
456f041e035913fcedb275aff6f8a71dfebcd394
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
670638477aede0d7a355ced04b569214aa3feacd
Fixed
e83d941fd3445f660d2f43647c580a320cc384f6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
670638477aede0d7a355ced04b569214aa3feacd
Fixed
feffb6ae2c80b9a8206450cdef90f5943baced99
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
670638477aede0d7a355ced04b569214aa3feacd
Fixed
1d9093457b243061a9bba23543c38726e864a643

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.17-rc1
v5.17-rc2
v5.4
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

Database specific

vanir_signatures

[
    {
        "id": "CVE-2022-48713-184dcf28",
        "target": {
            "function": "pt_handle_status",
            "file": "arch/x86/events/intel/pt.c"
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@feffb6ae2c80b9a8206450cdef90f5943baced99",
        "digest": {
            "length": 865.0,
            "function_hash": "25718137314493774909540135801955319978"
        },
        "deprecated": false
    },
    {
        "id": "CVE-2022-48713-64301f7b",
        "target": {
            "file": "arch/x86/events/intel/pt.c"
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@feffb6ae2c80b9a8206450cdef90f5943baced99",
        "digest": {
            "line_hashes": [
                "37295644107410843474501253232603024830",
                "279562048905469687201839766898193350185",
                "107636030315136703708607248458412277467",
                "134135382283369332045242256579438284766",
                "128743393387118407159900571211545682084"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "id": "CVE-2022-48713-9135f30a",
        "target": {
            "function": "pt_handle_status",
            "file": "arch/x86/events/intel/pt.c"
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@456f041e035913fcedb275aff6f8a71dfebcd394",
        "digest": {
            "length": 865.0,
            "function_hash": "25718137314493774909540135801955319978"
        },
        "deprecated": false
    },
    {
        "id": "CVE-2022-48713-c48be9b5",
        "target": {
            "file": "arch/x86/events/intel/pt.c"
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@456f041e035913fcedb275aff6f8a71dfebcd394",
        "digest": {
            "line_hashes": [
                "37295644107410843474501253232603024830",
                "279562048905469687201839766898193350185",
                "107636030315136703708607248458412277467",
                "134135382283369332045242256579438284766",
                "128743393387118407159900571211545682084"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.99
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.22
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.16.8