CVE-2022-49804

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49804
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49804.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49804
Downstream
Published
2025-05-01T14:09:31Z
Modified
2025-10-08T11:14:00.899158Z
Summary
s390: avoid using global register for current_stack_pointer
Details

In the Linux kernel, the following vulnerability has been resolved:

s390: avoid using global register for currentstackpointer

Commit 30de14b1884b ("s390: currentstackpointer shouldn't be a function") made currentstackpointer a global register variable like on many other architectures. Unfortunately on s390 it uncovers old gcc bug which is fixed only since gcc-9.1 [gcc commit 3ad7fed1cc87 ("S/390: Fix PR89775. Stackpointer save/restore instructions removed")] and backported to gcc-8.4 and later. Due to this bug gcc versions prior to 8.4 generate broken code which leads to stack corruptions.

Current minimal gcc version required to build the kernel is declared as 5.1. It is not possible to fix all old gcc versions, so work around this problem by avoiding using global register variable for currentstackpointer.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
30de14b1884ba609fc1acfba5b40309e3a6ccefe
Fixed
a478952a8ac44e32316dc046a063a7dc34825aa6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
30de14b1884ba609fc1acfba5b40309e3a6ccefe
Fixed
e3c11025bcd2142a61abe5806b2f86a0e78118df

Affected versions

v5.*

v5.18
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1-rc1
v6.1-rc2

Database specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "186760624162145451951592908649144400218",
                    "296220496933039945320892109406703427533",
                    "158904356961172334997857516402221726559",
                    "100771290743673822622682602773834660996"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a478952a8ac44e32316dc046a063a7dc34825aa6",
            "deprecated": false,
            "target": {
                "file": "arch/s390/include/asm/processor.h"
            },
            "signature_type": "Line",
            "id": "CVE-2022-49804-04defe56"
        },
        {
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "186760624162145451951592908649144400218",
                    "296220496933039945320892109406703427533",
                    "158904356961172334997857516402221726559",
                    "100771290743673822622682602773834660996"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e3c11025bcd2142a61abe5806b2f86a0e78118df",
            "deprecated": false,
            "target": {
                "file": "arch/s390/include/asm/processor.h"
            },
            "signature_type": "Line",
            "id": "CVE-2022-49804-32ce739b"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
6.0.10