CVE-2022-48752

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48752
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48752.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48752
Related
Published
2024-06-20T12:15:13Z
Modified
2024-09-11T04:57:01.445282Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

powerpc/perf: Fix powerpmudisable to call clearpmiirq_pending only if PMI is pending

Running selftest with CONFIGPPCIRQSOFTMASK_DEBUG enabled in kernel triggered below warning:

[ 172.851380] ------------[ cut here ]------------ [ 172.851391] WARNING: CPU: 8 PID: 2901 at arch/powerpc/include/asm/hwirq.h:246 powerpmudisable+0x270/0x280 [ 172.851402] Modules linked in: dmmod bonding nftct nfconntrack nfdefragipv6 nfdefragipv4 ipset nftables rfkill nfnetlink sunrpc xfs libcrc32c pseriesrng xts vmxcrypto uiopdrvgenirq uio schfqcodel iptables ext4 mbcache jbd2 sdmod t10pi sg ibmvscsi ibmveth scsitransportsrp fuse [ 172.851442] CPU: 8 PID: 2901 Comm: lostexception_ Not tainted 5.16.0-rc5-03218-g798527287598 #2 [ 172.851451] NIP: c00000000013d600 LR: c00000000013d5a4 CTR: c00000000013b180 [ 172.851458] REGS: c000000017687860 TRAP: 0700 Not tainted (5.16.0-rc5-03218-g798527287598) [ 172.851465] MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 48004884 XER: 20040000 [ 172.851482] CFAR: c00000000013d5b4 IRQMASK: 1 [ 172.851482] GPR00: c00000000013d5a4 c000000017687b00 c000000002a10600 0000000000000004 [ 172.851482] GPR04: 0000000082004000 c0000008ba08f0a8 0000000000000000 00000008b7ed0000 [ 172.851482] GPR08: 00000000446194f6 0000000000008000 c00000000013b118 c000000000d58e68 [ 172.851482] GPR12: c00000000013d390 c00000001ec54a80 0000000000000000 0000000000000000 [ 172.851482] GPR16: 0000000000000000 0000000000000000 c000000015d5c708 c0000000025396d0 [ 172.851482] GPR20: 0000000000000000 0000000000000000 c00000000a3bbf40 0000000000000003 [ 172.851482] GPR24: 0000000000000000 c0000008ba097400 c0000000161e0d00 c00000000a3bb600 [ 172.851482] GPR28: c000000015d5c700 0000000000000001 0000000082384090 c0000008ba0020d8 [ 172.851549] NIP [c00000000013d600] powerpmudisable+0x270/0x280 [ 172.851557] LR [c00000000013d5a4] powerpmudisable+0x214/0x280 [ 172.851565] Call Trace: [ 172.851568] [c000000017687b00] [c00000000013d5a4] powerpmudisable+0x214/0x280 (unreliable) [ 172.851579] [c000000017687b40] [c0000000003403ac] perfpmudisable+0x4c/0x60 [ 172.851588] [c000000017687b60] [c0000000003445e4] _perfeventtaskschedout+0x1d4/0x660 [ 172.851596] [c000000017687c50] [c000000000d1175c] _schedule+0xbcc/0x12a0 [ 172.851602] [c000000017687d60] [c000000000d11ea8] schedule+0x78/0x140 [ 172.851608] [c000000017687d90] [c0000000001a8080] sysschedyield+0x20/0x40 [ 172.851615] [c000000017687db0] [c0000000000334dc] systemcallexception+0x18c/0x380 [ 172.851622] [c000000017687e10] [c00000000000c74c] systemcallcommon+0xec/0x268

The warning indicates that MSREE being set(interrupt enabled) when there was an overflown PMC detected. This could happen in powerpmudisable since it runs under interrupt soft disable condition ( localirqsave ) and not with interrupts hard disabled. commit 2c9ac51b850d ("powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC") intended to clear PMI pending bit in Paca when disabling the PMU. It could happen that PMC gets overflown while code is in powerpmudisable callback function. Hence add a check to see if PMI pending bit is set in Paca before clearing it via clearpmi_pending.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.103-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}