| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123050-CVE-2022-50870-c90b@gregkh> Date: Tue, 30 Dec 2025 13:20:06 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50870: powerpc/rtas: avoid device tree lookups in rtas_os_term() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtas_os_term() rtas_os_term() is called during panic. Its behavior depends on a couple of conditions in the /rtas node of the device tree, the traversal of which entails locking and local IRQ state changes. If the kernel panics while devtree_lock is held, rtas_os_term() as currently written could hang. Instead of discovering the relevant characteristics at panic time, cache them in file-static variables at boot. Note the lookup for "ibm,extended-os-term" is converted to of_property_read_bool() since it is a boolean property, not an RTAS function token. [mpe: Incorporate suggested change from Nick] The Linux kernel CVE team has assigned CVE-2022-50870 to this issue. Affected and fixed versions =========================== Fixed in 4.14.303 with commit e23822c7381c59d9e42e65771b6e17c71ed30ea7 Fixed in 4.19.270 with commit 06a07fbb32b3a23eec20a42b1e64474da0a3b33e Fixed in 5.4.229 with commit c2fa91abf22a705cf02f886cd99cff41f4ceda60 Fixed in 5.10.163 with commit f2167f10fcca68ab9ae3f8d94d2c704c5541ac69 Fixed in 5.15.87 with commit d8939315b7342860df143afe0adda6212cdd3193 Fixed in 6.0.17 with commit 698e682c849e356fb47a8be47ca8baa817cf31e0 Fixed in 6.1.3 with commit 464d10e8d797454e16a173ef1292a446b2adf21c Fixed in 6.2 with commit ed2213bfb192ab51f09f12e9b49b5d482c6493f3 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50870 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/powerpc/kernel/rtas.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/e23822c7381c59d9e42e65771b6e17c71ed30ea7 https://git.kernel.org/stable/c/06a07fbb32b3a23eec20a42b1e64474da0a3b33e https://git.kernel.org/stable/c/c2fa91abf22a705cf02f886cd99cff41f4ceda60 https://git.kernel.org/stable/c/f2167f10fcca68ab9ae3f8d94d2c704c5541ac69 https://git.kernel.org/stable/c/d8939315b7342860df143afe0adda6212cdd3193 https://git.kernel.org/stable/c/698e682c849e356fb47a8be47ca8baa817cf31e0 https://git.kernel.org/stable/c/464d10e8d797454e16a173ef1292a446b2adf21c https://git.kernel.org/stable/c/ed2213bfb192ab51f09f12e9b49b5d482c6493f3
Powered by blists - more mailing lists