CVE-2022-50159
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50159
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50159.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-50159
- Downstream
- Published
- 2025-06-18T11:03:15Z
- Modified
- 2025-10-08T13:05:23.073667Z
- Summary
- of: check previous kernel's ima-kexec-buffer against memory bounds
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
of: check previous kernel's ima-kexec-buffer against memory bounds
Presently imagetkexec_buffer() doesn't check if the previous kernel's ima-kexec-buffer lies outside the addressable memory range. This can result in a kernel panic if the new kernel is booted with 'mem=X' arg and the ima-kexec-buffer was allocated beyond that range by the previous kernel. The panic is usually of the form below:
$ sudo kexec --initrd initrd vmlinux --append='mem=16G'
<snip> BUG: Unable to handle kernel data access on read at 0xc000c01fff7f0000 Faulting instruction address: 0xc000000000837974 Oops: Kernel access of bad area, sig: 11 [#1] <snip> NIP [c000000000837974] imarestoremeasurementlist+0x94/0x6c0 LR [c00000000083b55c] imaloadkexecbuffer+0xac/0x160 Call Trace: [c00000000371fa80] [c00000000083b55c] imaloadkexecbuffer+0xac/0x160 [c00000000371fb00] [c0000000020512c4] imainit+0x80/0x108 [c00000000371fb70] [c0000000020514dc] initima+0x4c/0x120 [c00000000371fbf0] [c000000000012240] dooneinitcall+0x60/0x2c0 [c00000000371fcc0] [c000000002004ad0] kernelinitfreeable+0x344/0x3ec [c00000000371fda0] [c0000000000128a4] kernelinit+0x34/0x1b0 [c00000000371fe10] [c00000000000ce64] retfromkernel_thread+0x5c/0x64 Instruction dump: f92100b8 f92100c0 90e10090 910100a0 4182050c 282a0017 3bc00000 40810330 7c0802a6 fb610198 7c9b2378 f80101d0 <a1240000> 2c090001 40820614 e9240010 ---[ end trace 0000000000000000 ]---
Fix this issue by checking returned PFN range of previous kernel's ima-kexec-buffer with pageisram() to ensure correct memory bounds.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1b2263d6c86fca8f30e18231778393bfc287bb27
- https://git.kernel.org/stable/c/beb5bba5dd132650c073f815c685c60c3e5b783b
- https://git.kernel.org/stable/c/cbf9c4b9617b6767886a913705ca14b7600c77db
- https://git.kernel.org/stable/c/dc3b8525f83ac6bbc885bb24bbb8a76f4622200e
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced467d27824920e866af148132f555d40ca1fb199eFixedbeb5bba5dd132650c073f815c685c60c3e5b783b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced467d27824920e866af148132f555d40ca1fb199eFixeddc3b8525f83ac6bbc885bb24bbb8a76f4622200e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced467d27824920e866af148132f555d40ca1fb199eFixed1b2263d6c86fca8f30e18231778393bfc287bb27
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced467d27824920e866af148132f555d40ca1fb199eFixedcbf9c4b9617b6767886a913705ca14b7600c77db
Affected versions
v4.*
v4.10
v4.10-rc1
v4.10-rc2
v4.10-rc3
v4.10-rc4
v4.10-rc5
v4.10-rc6
v4.10-rc7
v4.10-rc8
v4.11
v4.11-rc1
v4.11-rc2
v4.11-rc3
v4.11-rc4
v4.11-rc5
v4.11-rc6
v4.11-rc7
v4.11-rc8
v4.12
v4.12-rc1
v4.12-rc2
v4.12-rc3
v4.12-rc4
v4.12-rc5
v4.12-rc6
v4.12-rc7
v4.13
v4.13-rc1
v4.13-rc2
v4.13-rc3
v4.13-rc4
v4.13-rc5
v4.13-rc6
v4.13-rc7
v4.14
v4.14-rc1
v4.14-rc2
v4.14-rc3
v4.14-rc4
v4.14-rc5
v4.14-rc6
v4.14-rc7
v4.14-rc8
v4.15
v4.15-rc1
v4.15-rc2
v4.15-rc3
v4.15-rc4
v4.15-rc5
v4.15-rc6
v4.15-rc7
v4.15-rc8
v4.15-rc9
v4.16
v4.16-rc1
v4.16-rc2
v4.16-rc3
v4.16-rc4
v4.16-rc5
v4.16-rc6
v4.16-rc7
v4.17
v4.17-rc1
v4.17-rc2
v4.17-rc3
v4.17-rc4
v4.17-rc5
v4.17-rc6
v4.17-rc7
v4.18
v4.18-rc1
v4.18-rc2
v4.18-rc3
v4.18-rc4
v4.18-rc5
v4.18-rc6
v4.18-rc7
v4.18-rc8
v4.19
v4.19-rc1
v4.19-rc2
v4.19-rc3
v4.19-rc4
v4.19-rc5
v4.19-rc6
v4.19-rc7
v4.19-rc8
v4.20
v4.20-rc1
v4.20-rc2
v4.20-rc3
v4.20-rc4
v4.20-rc5
v4.20-rc6
v4.20-rc7
v5.*
v5.0
v5.0-rc1
v5.0-rc2
v5.0-rc3
v5.0-rc4
v5.0-rc5
v5.0-rc6
v5.0-rc7
v5.0-rc8
v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.10
v5.18.11
v5.18.12
v5.18.13
v5.18.14
v5.18.15
v5.18.16
v5.18.17
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.18.8
v5.18.9
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2022-50159-1a01f024",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"46575601503941681999406664333357061349",
"248476312692028839468940096173588518582",
"166291506870999091712887418392717099193",
"234391702787891957181049365903514934316",
"277110003330788561753997257888955011950",
"155843829393364814276629572371003758322",
"270831162297440101141755161327386534256"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@beb5bba5dd132650c073f815c685c60c3e5b783b",
"target": {
"file": "drivers/of/kexec.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "CVE-2022-50159-3136176a",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"46575601503941681999406664333357061349",
"248476312692028839468940096173588518582",
"166291506870999091712887418392717099193",
"234391702787891957181049365903514934316",
"277110003330788561753997257888955011950",
"155843829393364814276629572371003758322",
"270831162297440101141755161327386534256"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dc3b8525f83ac6bbc885bb24bbb8a76f4622200e",
"target": {
"file": "drivers/of/kexec.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "CVE-2022-50159-42717b77",
"deprecated": false,
"digest": {
"function_hash": "329720791919086806944413979251726322326",
"length": 413.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cbf9c4b9617b6767886a913705ca14b7600c77db",
"target": {
"file": "drivers/of/kexec.c",
"function": "ima_get_kexec_buffer"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "CVE-2022-50159-53a5d9ea",
"deprecated": false,
"digest": {
"function_hash": "329720791919086806944413979251726322326",
"length": 413.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@beb5bba5dd132650c073f815c685c60c3e5b783b",
"target": {
"file": "drivers/of/kexec.c",
"function": "ima_get_kexec_buffer"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "CVE-2022-50159-7196e744",
"deprecated": false,
"digest": {
"function_hash": "329720791919086806944413979251726322326",
"length": 413.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dc3b8525f83ac6bbc885bb24bbb8a76f4622200e",
"target": {
"file": "drivers/of/kexec.c",
"function": "ima_get_kexec_buffer"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "CVE-2022-50159-7c1d084b",
"deprecated": false,
"digest": {
"function_hash": "329720791919086806944413979251726322326",
"length": 413.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1b2263d6c86fca8f30e18231778393bfc287bb27",
"target": {
"file": "drivers/of/kexec.c",
"function": "ima_get_kexec_buffer"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "CVE-2022-50159-ac727554",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"46575601503941681999406664333357061349",
"248476312692028839468940096173588518582",
"166291506870999091712887418392717099193",
"234391702787891957181049365903514934316",
"277110003330788561753997257888955011950",
"155843829393364814276629572371003758322",
"270831162297440101141755161327386534256"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1b2263d6c86fca8f30e18231778393bfc287bb27",
"target": {
"file": "drivers/of/kexec.c"
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "CVE-2022-50159-c122567f",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"46575601503941681999406664333357061349",
"248476312692028839468940096173588518582",
"166291506870999091712887418392717099193",
"234391702787891957181049365903514934316",
"277110003330788561753997257888955011950",
"155843829393364814276629572371003758322",
"270831162297440101141755161327386534256"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cbf9c4b9617b6767886a913705ca14b7600c77db",
"target": {
"file": "drivers/of/kexec.c"
},
"signature_type": "Line",
"signature_version": "v1"
}
]
}