Message-ID: <2025022623-CVE-2022-49666-98ab@gregkh>
Date: Wed, 26 Feb 2025 03:23:49 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-49666: powerpc/memhotplug: Add add_pages override for PPC

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

powerpc/memhotplug: Add add_pages override for PPC

With commit ffa0b64e3be5 ("powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit")
the kernel now validates the addr against high_memory value. This results
in the below BUG_ON with dax pfns.

[  635.798741][T26531] kernel BUG at mm/page_alloc.c:5521!
1:mon> e
cpu 0x1: Vector: 700 (Program Check) at [c000000007287630]
    pc: c00000000055ed48: free_pages.part.0+0x48/0x110
    lr: c00000000053ca70: tlb_finish_mmu+0x80/0xd0
    sp: c0000000072878d0
   msr: 800000000282b033
  current = 0xc00000000afabe00
  paca    = 0xc00000037ffff300   irqmask: 0x03   irq_happened: 0x05
    pid   = 26531, comm = 50-landscape-sy
kernel BUG at :5521!
Linux version 5.19.0-rc3-14659-g4ec05be7c2e1 (kvaneesh@...-boston8) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #625 SMP Thu Jun 23 00:35:43 CDT 2022
1:mon> t
[link register   ] c00000000053ca70 tlb_finish_mmu+0x80/0xd0
[c0000000072878d0] c00000000053ca54 tlb_finish_mmu+0x64/0xd0 (unreliable)
[c000000007287900] c000000000539424 exit_mmap+0xe4/0x2a0
[c0000000072879e0] c00000000019fc1c mmput+0xcc/0x210
[c000000007287a20] c000000000629230 begin_new_exec+0x5e0/0xf40
[c000000007287ae0] c00000000070b3cc load_elf_binary+0x3ac/0x1e00
[c000000007287c10] c000000000627af0 bprm_execve+0x3b0/0xaf0
[c000000007287cd0] c000000000628414 do_execveat_common.isra.0+0x1e4/0x310
[c000000007287d80] c00000000062858c sys_execve+0x4c/0x60
[c000000007287db0] c00000000002c1b0 system_call_exception+0x160/0x2c0
[c000000007287e10] c00000000000c53c system_call_common+0xec/0x250

The fix is to make sure we update high_memory on memory hotplug.
This is similar to what x86 does in commit 3072e413e305 ("mm/memory_hotplug: introduce add_pages")

The Linux kernel CVE team has assigned CVE-2022-49666 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.15.34 with commit fddb88bd266f4513abab7c36bca98935c9148a98 and fixed in 5.15.53 with commit 89296ac435e2cf8a5101f7fab8f0c7b754b92052
	Issue introduced in 5.18 with commit ffa0b64e3be58519ae472ea29a1a1ad681e32f48 and fixed in 5.18.10 with commit 84d146fd35a01b08e9515041de60f0f915a417d5
	Issue introduced in 5.18 with commit ffa0b64e3be58519ae472ea29a1a1ad681e32f48 and fixed in 5.19 with commit ac790d09885d36143076e7e02825c541e8eee899
	Issue introduced in 5.4.190 with commit deab81144d5a043f42804207fb76cfbd8a806978
	Issue introduced in 5.10.111 with commit d36febbcd537fcc50284e8b89609632d0146529f
	Issue introduced in 5.16.20 with commit a3727c25eacd7e437c4f560957fa3a376fe93e6b
	Issue introduced in 5.17.3 with commit cbc065efcba000ad8f615f506ebe61b6d3c5145b

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49666
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	arch/powerpc/Kconfig
	arch/powerpc/mm/mem.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/89296ac435e2cf8a5101f7fab8f0c7b754b92052
	https://git.kernel.org/stable/c/84d146fd35a01b08e9515041de60f0f915a417d5
	https://git.kernel.org/stable/c/ac790d09885d36143076e7e02825c541e8eee899
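
The stale high_memory condition from the Description, as an added example: a simplified userspace C model, not the kernel's code or the actual patch. The model_* names, page size, linear-map base and pfn values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model only. Constants and model_* names are constructed for
 * illustration; they are not powerpc's real memory layout or kernel code. */
#define PAGE_SHIFT  16                      /* assumed page size: 64K */
#define PAGE_OFFSET 0xc000000000000000ULL   /* assumed linear-map base */
static uint64_t max_pfn;      /* one past the highest known page frame */
static uint64_t high_memory;  /* linear-map address just past max_pfn */
static uint64_t pfn_to_virt(uint64_t pfn) { return PAGE_OFFSET + (pfn << PAGE_SHIFT); }

/* Boot: high_memory covers only the memory present at boot. */
static void model_boot(uint64_t boot_pages)
{
    max_pfn = boot_pages;
    high_memory = pfn_to_virt(max_pfn);
}

/* The bound the message describes: addr must lie below high_memory.
 * (Any further per-pfn validity check is left out of this model.) */
static int model_virt_addr_valid(uint64_t addr)
{
    return addr >= PAGE_OFFSET && addr < high_memory;
}

/* Hotplug. Without the override high_memory stays stale; with it, the
 * end-of-memory variables are raised to cover the newly added range. */
static void model_add_pages(uint64_t start_pfn, uint64_t nr_pages, int patched)
{
    uint64_t end_pfn = start_pfn + nr_pages;
    if (patched && end_pfn > max_pfn) {
        max_pfn = end_pfn;
        high_memory = pfn_to_virt(max_pfn);
    }
}

/* Returns 1 if an address inside the hot-added range passes validation. */
static int hotplug_then_validate(int patched)
{
    model_boot(0x1000);                       /* constructed boot memory size */
    model_add_pages(0x4000, 0x100, patched);  /* constructed hot-added range */
    return model_virt_addr_valid(pfn_to_virt(0x4010));
}

int main(void)
{
    printf("unpatched=%d patched=%d\n", hotplug_then_validate(0), hotplug_then_validate(1));
    return 0;
}
```

In the unpatched case the hot-added address fails the bound even though the memory exists, which is the condition the Description ties to the BUG in the trace.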
