CVE-2022-49004

In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching The EFI page table is initially created as a copy of the kernel page table. With VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area: if the stack is allocated in a new PGD (one that was not present at the moment of the efi page table creation or not synced in a previous vmalloc fault), the kernel will take a trap when switching to the efi page table when the vmalloc kernel stack is accessed, resulting in a kernel panic. Fix that by updating the efi kernel mappings before switching to the efi page table.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3f105a742725a1b78766a55169f1d827732e62b8	Patch
https://git.kernel.org/stable/c/96f479383d92944406d4b3f2bc03c2f640def9f1	Patch
https://git.kernel.org/stable/c/fa7a7d185ef380546b4b1fed6f84f31dbae8cec7	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.1:rc7::::::

History

No history.

Information

Published : 2024-10-21 20:15

Updated : 2024-10-25 14:21

NVD link : CVE-2022-49004

Mitre link : CVE-2022-49004

CVE.ORG link : CVE-2022-49004

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-49004", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-10-21T20:15:11.990", "references": [{"url": "https://git.kernel.org/stable/c/3f105a742725a1b78766a55169f1d827732e62b8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/96f479383d92944406d4b3f2bc03c2f640def9f1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fa7a7d185ef380546b4b1fed6f84f31dbae8cec7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Sync efi page table's kernel mappings before switching\n\nThe EFI page table is initially created as a copy of the kernel page table.\nWith VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area:\nif the stack is allocated in a new PGD (one that was not present at the\nmoment of the efi page table creation or not synced in a previous vmalloc\nfault), the kernel will take a trap when switching to the efi page table\nwhen the vmalloc kernel stack is accessed, resulting in a kernel panic.\n\nFix that by updating the efi kernel mappings before switching to the efi\npage table."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: Sincronizar las asignaciones de kernel de la tabla de p\u00e1ginas efi antes de cambiar La tabla de p\u00e1ginas efi se crea inicialmente como una copia de la tabla de p\u00e1ginas del kernel. Con VMAP_STACK habilitado, las pilas del kernel se asignan en el \u00e1rea vmalloc: si la pila se asigna en un nuevo PGD (uno que no estaba presente en el momento de la creaci\u00f3n de la tabla de p\u00e1ginas efi o no se sincroniz\u00f3 en un error vmalloc anterior), el kernel tomar\u00e1 una trampa al cambiar a la tabla de p\u00e1ginas efi cuando se accede a la pila del kernel vmalloc, lo que resulta en un p\u00e1nico del kernel. Solucione eso actualizando las asignaciones de kernel efi antes de cambiar a la tabla de p\u00e1ginas efi."}], "lastModified": "2024-10-25T14:21:21.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4165171-EE33-4D81-A676-357C0DDDA2D4", "versionEndExcluding": "5.15.82", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D56E90-F3EE-413D-B3E2-B518932F0C7D", "versionEndExcluding": "6.0.12", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FFFB0B3-930D-408A-91E2-BAE0C2715D80"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8535320E-A0DB-4277-800E-D0CE5BBA59E8"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}