CVE-2022-48762

In the Linux kernel, the following vulnerability has been resolved:

arm64: extable: fix loadunalignedzeropad() reg indices

In exhandlerloadunalignedzeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will contain EXTYPELOADUNALIGNEDZEROPAD (i.e. 4): * We'll always treat X0 as the address register, since EXDATAREGADDR is extracted from bits [9:5]. Thus, we may attempt to dereference an arbitrary address as X0 may hold an arbitrary value. * We'll always treat X4 as the data register, since EXDATAREGDATA is extracted from bits [4:0]. Thus we will corrupt X4 and cause arbitrary behaviour within loadunalignedzeropad() and its caller.

Fix this by extracting both values from ex->data as originally intended.

On an MTE-enabled QEMU image we are hitting the following crash: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: fixupexception+0xc4/0x108 _dokernelfault+0x3c/0x268 dotagcheckfault+0x3c/0x104 domemabort+0x44/0xf4 el1abort+0x40/0x64 el1h64synchandler+0x60/0xa0 el1h64sync+0x7c/0x80 linkpathwalk+0x150/0x344 pathopenat+0xa0/0x7dc dofilpopen+0xb8/0x168 dosysopenat2+0x88/0x17c _arm64sysopenat+0x74/0xa0 invokesyscall+0x48/0x148 el0svccommon+0xb8/0xf8 doel0svc+0x28/0x88 el0svc+0x24/0x84 el0t64synchandler+0x88/0xec el0t64sync+0x1b4/0x1b8 Code: f8695a69 71007d1f 540000e0 927df12a (f940014a)