CVE-2022-49804

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49804

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49804.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49804

Related

UBUNTU-CVE-2022-49804

Published

2025-05-01T15:16:03Z

Modified

2025-05-02T13:53:20Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

s390: avoid using global register for currentstackpointer

Commit 30de14b1884b ("s390: currentstackpointer shouldn't be a function") made currentstackpointer a global register variable like on many other architectures. Unfortunately on s390 it uncovers old gcc bug which is fixed only since gcc-9.1 [gcc commit 3ad7fed1cc87 ("S/390: Fix PR89775. Stackpointer save/restore instructions removed")] and backported to gcc-8.4 and later. Due to this bug gcc versions prior to 8.4 generate broken code which leads to stack corruptions.

Current minimal gcc version required to build the kernel is declared as 5.1. It is not possible to fix all old gcc versions, so work around this problem by avoiding using global register variable for currentstackpointer.

References

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}