CVE-2022-49885

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49885
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49885.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49885
Related
Published
2025-05-01T15:16:13Z
Modified
2025-05-07T14:51:09.677005Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()

Change num_ghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc() to fail.

The overflow happens in ghes_estatus_pool_init() when calculating len during execution of the statement below as both multiplication operands here are signed int:

len += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE);

The following call trace is observed because of this bug:

[ 9.317108] swapper/0: vmalloc error: size 18446744071562596352, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 9.317131] Call Trace:
[ 9.317134] <TASK>
[ 9.317137] dump_stack_lvl+0x49/0x5f
[ 9.317145] dump_stack+0x10/0x12
[ 9.317146] warn_alloc.cold+0x7b/0xdf
[ 9.317150] ? __device_attach+0x16a/0x1b0
[ 9.317155] __vmalloc_node_range+0x702/0x740
[ 9.317160] ? device_add+0x17f/0x920
[ 9.317164] ? dev_set_name+0x53/0x70
[ 9.317166] ? platform_device_add+0xf9/0x240
[ 9.317168] __vmalloc_node+0x49/0x50
[ 9.317170] ? ghes_estatus_pool_init+0x43/0xa0
[ 9.317176] vmalloc+0x21/0x30
[ 9.317177] ghes_estatus_pool_init+0x43/0xa0
[ 9.317179] acpi_hest_init+0x129/0x19c
[ 9.317185] acpi_init+0x434/0x4a4
[ 9.317188] ? acpi_sleep_proc_init+0x2a/0x2a
[ 9.317190] do_one_initcall+0x48/0x200
[ 9.317195] kernel_init_freeable+0x221/0x284
[ 9.317200] ? rest_init+0xe0/0xe0
[ 9.317204] kernel_init+0x1a/0x130
[ 9.317205] ret_from_fork+0x22/0x30
[ 9.317208] </TASK>

[ rjw: Subject and changelog edits ]
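
Added example (not part of the kernel commit or of this record): a user-space C model of the len calculation described above, showing how a wrapped signed product is sign-extended into a 64-bit length. The constants 65536, 3072 and 4096 and the source count 32776 are assumptions chosen for illustration; with them the signed form yields exactly the size reported in the vmalloc error above.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values, not stated in this record. */
#define PREALLOC_MAX_SIZE 65536u /* stand-in for GHES_ESOURCE_PREALLOC_MAX_SIZE */
#define BASE_LEN          3072u  /* stand-in for the fixed part of len */
#define PAGE_SZ           4096u  /* assumed page size */

/* Model a wrapping 32-bit signed multiply without C undefined behaviour. */
static int32_t wrapped_mul_s32(int32_t a, int32_t b)
{
    uint32_t w = (uint32_t)a * (uint32_t)b; /* product modulo 2^32 */
    return (w > INT32_MAX) ? (int32_t)((int64_t)w - 4294967296LL) : (int32_t)w;
}

/* Round up to a page boundary in 64-bit unsigned arithmetic. */
static uint64_t page_align(uint64_t len)
{
    return (len + PAGE_SZ - 1) & ~(uint64_t)(PAGE_SZ - 1);
}

/* Before the fix: int * int wraps negative, then sign-extends into len. */
uint64_t pool_len_signed(int32_t num_ghes)
{
    uint64_t len = BASE_LEN;
    len += (uint64_t)(int64_t)wrapped_mul_s32(num_ghes, (int32_t)PREALLOC_MAX_SIZE);
    return page_align(len);
}

/* After the fix: unsigned int product is zero-extended into len. */
uint64_t pool_len_unsigned(uint32_t num_ghes)
{
    uint64_t len = BASE_LEN;
    len += (uint32_t)(num_ghes * PREALLOC_MAX_SIZE);
    return page_align(len);
}

int main(void)
{
    int32_t n = 32776; /* constructed source count, large enough to wrap */
    printf("signed:   %" PRIu64 "\n", pool_len_signed(n));
    printf("unsigned: %" PRIu64 "\n", pool_len_unsigned((uint32_t)n));
    return 0;
}
```
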

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.158-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.0.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}