CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48752 – powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending
https://notcve.org/view.php?id=CVE-2022-48752
In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending Running selftest with CONFIG_PPC_IRQ_SOFT_MASK_DEBUG enabled in kernel triggered below warning: [ 172.851380] ------------[ cut here ]------------ [ 172.851391] WARNING: CPU: 8 PID: 2901 at arch/powerpc/include/asm/hw_irq.h:246 power_pmu_disable+0x270/0x280 [ 172.851402] Modules linked in: dm_mod bonding nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink sunrpc xfs libcrc32c pseries_rng xts vmx_crypto uio_pdrv_genirq uio sch_fq_codel ip_tables ext4 mbcache jbd2 sd_mod t10_pi sg ibmvscsi ibmveth scsi_transport_srp fuse [ 172.851442] CPU: 8 PID: 2901 Comm: lost_exception_ Not tainted 5.16.0-rc5-03218-g798527287598 #2 [ 172.851451] NIP: c00000000013d600 LR: c00000000013d5a4 CTR: c00000000013b180 [ 172.851458] REGS: c000000017687860 TRAP: 0700 Not tainted (5.16.0-rc5-03218-g798527287598) [ 172.851465] MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 48004884 XER: 20040000 [ 172.851482] CFAR: c00000000013d5b4 IRQMASK: 1 [ 172.851482] GPR00: c00000000013d5a4 c000000017687b00 c000000002a10600 0000000000000004 [ 172.851482] GPR04: 0000000082004000 c0000008ba08f0a8 0000000000000000 00000008b7ed0000 [ 172.851482] GPR08: 00000000446194f6 0000000000008000 c00000000013b118 c000000000d58e68 [ 172.851482] GPR12: c00000000013d390 c00000001ec54a80 0000000000000000 0000000000000000 [ 172.851482] GPR16: 0000000000000000 0000000000000000 c000000015d5c708 c0000000025396d0 [ 172.851482] GPR20: 0000000000000000 0000000000000000 c00000000a3bbf40 0000000000000003 [ 172.851482] GPR24: 0000000000000000 c0000008ba097400 c0000000161e0d00 c00000000a3bb600 [ 172.851482] GPR28: c000000015d5c700 0000000000000001 0000000082384090 c0000008ba0020d8 [ 172.851549] NIP [c00000000013d600] power_pmu_disable+0x270/0x280 [ 172.851557] LR [c00000000013d5a4] power_pmu_disable+0x214/0x280 [ 172.851565] Call Trace: [ 172.851568] [c000000017687b00] [c00000000013d5a4] power_pmu_disable+0x214/0x280 (unreliable) [ 172.851579] [c000000017687b40] [c0000000003403ac] perf_pmu_disable+0x4c/0x60 [ 172.851588] [c000000017687b60] [c0000000003445e4] __perf_event_task_sched_out+0x1d4/0x660 [ 172.851596] [c000000017687c50] [c000000000d1175c] __schedule+0xbcc/0x12a0 [ 172.851602] [c000000017687d60] [c000000000d11ea8] schedule+0x78/0x140 [ 172.851608] [c000000017687d90] [c0000000001a8080] sys_sched_yield+0x20/0x40 [ 172.851615] [c000000017687db0] [c0000000000334dc] system_call_exception+0x18c/0x380 [ 172.851622] [c000000017687e10] [c00000000000c74c] system_call_common+0xec/0x268 The warning indicates that MSR_EE being set(interrupt enabled) when there was an overflown PMC detected. This could happen in power_pmu_disable since it runs under interrupt soft disable condition ( local_irq_save ) and not with interrupts hard disabled. commit 2c9ac51b850d ("powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC") intended to clear PMI pending bit in Paca when disabling the PMU. It could happen that PMC gets overflown while code is in power_pmu_disable callback function. Hence add a check to see if PMI pending bit is set in Paca before clearing it via clear_pmi_pending. • https://git.kernel.org/stable/c/ef798cd035f316a537fee8ed170c127f12407085 https://git.kernel.org/stable/c/fadcafa3959281ce2d96feedece8c75c3f95f8a5 https://git.kernel.org/stable/c/215a90ce3754fe509efbce6b73a4bb643c7e7528 https://git.kernel.org/stable/c/55402a4618721f350a9ab660bb42717d8aa18e7c https://git.kernel.org/stable/c/28aaed966e76807a71de79dd40a8eee9042374dd https://git.kernel.org/stable/c/fa4ad064a6bd49208221df5e62adf27b426d1720 https://git.kernel.org/stable/c/fb6433b48a178d4672cb26632454ee0b21056eaa •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48751 – net/smc: Transitional solution for clcsock race issue
https://notcve.org/view.php?id=CVE-2022-48751
In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smc_setsockopt() and it is caused by accessing smc->clcsock after clcsock was released. BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 50309 Comm: nginx Kdump: loaded Tainted: G E 5.16.0-rc4+ #53 RIP: 0010:smc_setsockopt+0x59/0x280 [smc] Call Trace: <TASK> __sys_setsockopt+0xfc/0x190 __x64_sys_setsockopt+0x20/0x30 do_syscall_64+0x34/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f16ba83918e </TASK> This patch tries to fix it by holding clcsock_release_lock and checking whether clcsock has already been released before access. In case that a crash of the same reason happens in smc_getsockopt() or smc_switch_to_fallback(), this patch also checkes smc->clcsock in them too. And the caller of smc_switch_to_fallback() will identify whether fallback succeeds according to the return value. • https://git.kernel.org/stable/c/fd57770dd198f5b2ddd5b9e6bf282cf98d63adb9 https://git.kernel.org/stable/c/d1d004585b40c212b338fc8a40cbaaf230ea4703 https://git.kernel.org/stable/c/38f0bdd548fd2ef5d481b88d8a2bfef968452e34 https://git.kernel.org/stable/c/4284225cd8001e134f5cf533a7cd244bbb654d0f https://git.kernel.org/stable/c/c0bf3d8a943b6f2e912b7c1de03e2ef28e76f760 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48750 – hwmon: (nct6775) Fix crash in clear_caseopen
https://notcve.org/view.php?id=CVE-2022-48750
In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix crash in clear_caseopen Pawe? Marciniak reports the following crash, observed when clearing the chassis intrusion alarm. BUG: kernel NULL pointer dereference, address: 0000000000000028 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 3 PID: 4815 Comm: bash Tainted: G S 5.16.2-200.fc35.x86_64 #1 Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Z97 Extreme4, BIOS P2.60A 05/03/2018 RIP: 0010:clear_caseopen+0x5a/0x120 [nct6775] Code: 68 70 e8 e9 32 b1 e3 85 c0 0f 85 d2 00 00 00 48 83 7c 24 ... RSP: 0018:ffffabcb02803dd8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000 RDX: ffff8e8808192880 RSI: 0000000000000000 RDI: ffff8e87c7509a68 RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000000000a R10: 000000000000000a R11: f000000000000000 R12: 000000000000001f R13: ffff8e87c7509828 R14: ffff8e87c7509a68 R15: ffff8e88494527a0 FS: 00007f4db9151740(0000) GS:ffff8e8ebfec0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000028 CR3: 0000000166b66001 CR4: 00000000001706e0 Call Trace: <TASK> kernfs_fop_write_iter+0x11c/0x1b0 new_sync_write+0x10b/0x180 vfs_write+0x209/0x2a0 ksys_write+0x4f/0xc0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae The problem is that the device passed to clear_caseopen() is the hwmon device, not the platform device, and the platform data is not set in the hwmon device. Store the pointer to sio_data in struct nct6775_data and get if from there if needed. • https://git.kernel.org/stable/c/2e7b9886968b89f0b4cbc59b8e6ed47fd4edd0dd https://git.kernel.org/stable/c/cfb7d12f2e4a4d694f49e9b4ebb352f7b67cdfbb https://git.kernel.org/stable/c/79da533d3cc717ccc05ddbd3190da8a72bc2408b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48749 – drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc
https://notcve.org/view.php?id=CVE-2022-48749
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc The function performs a check on the "ctx" input parameter, however, it is used before the check. Initialize the "base" variable after the sanity check to avoid a possible NULL pointer dereference. Addresses-Coverity-ID: 1493866 ("Null pointer dereference") • https://git.kernel.org/stable/c/4259ff7ae509ed880b3a7bb685972c3a3bf4b74b https://git.kernel.org/stable/c/93a6e920d8ccb4df846c03b6e72f7e08843d294c https://git.kernel.org/stable/c/8f069f6dde518dfebe86e848508c07e497bd9298 https://git.kernel.org/stable/c/1ebc18836d5df09061657f8c548e594cbb519476 https://git.kernel.org/stable/c/170b22234d5495f5e0844246e23f004639ee89ba •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48748 – net: bridge: vlan: fix memory leak in __allowed_ingress
https://notcve.org/view.php?id=CVE-2022-48748
In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in __allowed_ingress When using per-vlan state, if vlan snooping and stats are disabled, untagged or priority-tagged ingress frame will go to check pvid state. If the port state is forwarding and the pvid state is not learning/forwarding, untagged or priority-tagged frame will be dropped but skb memory is not freed. Should free skb when __allowed_ingress returns false. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: bridge: vlan: corrige la pérdida de memoria en __allowed_ingress Cuando se usa el estado por VLAN, si la vigilancia de VLAN y las estadísticas están deshabilitadas, el marco de ingreso sin etiquetar o con etiqueta de prioridad irá a verificar pvid estado. Si el estado del puerto está reenviando y el estado del pvid no está aprendiendo/reenviando, se descartará la trama sin etiquetar o con etiqueta de prioridad, pero no se liberará la memoria skb. Debería liberar skb cuando __allowed_ingress devuelva falso. • https://git.kernel.org/stable/c/a580c76d534c7360ba68042b19cb255e8420e987 https://git.kernel.org/stable/c/446ff1fc37c74093e81db40811a07b5a19f1d797 https://git.kernel.org/stable/c/c5e216e880fa6f2cd9d4a6541269377657163098 https://git.kernel.org/stable/c/14be8d448fca6fe7b2a413831eedd55aef6c6511 https://git.kernel.org/stable/c/fd20d9738395cf8e27d0a17eba34169699fccdff • CWE-400: Uncontrolled Resource Consumption •