CVE-2022-49172 (GCVE-0-2022-49172)
Vulnerability from cvelistv5
Published
2025-02-26 01:55
Modified
2025-05-04 08:31
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: parisc: Fix non-access data TLB cache flush faults When a page is not present, we get non-access data TLB faults from the fdc and fic instructions in flush_user_dcache_range_asm and flush_user_icache_range_asm. When these occur, the cache line is not invalidated and potentially we get memory corruption. The problem was hidden by the nullification of the flush instructions. These faults also affect performance. With pa8800/pa8900 processors, there will be 32 faults per 4 KB page since the cache line is 128 bytes. There will be more faults with earlier processors. The problem is fixed by using flush_cache_pages(). It does the flush using a tmp alias mapping. The flush_cache_pages() call in flush_cache_range() flushed too large a range. V2: Remove unnecessary preempt_disable() and preempt_enable() calls.
References
Impacted products
Vendor Product Version
Linux Linux Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/parisc/kernel/cache.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b3d6adb3a49d82e4e557c5fc16f50c9ff731da5d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ddca4b82027e2a66333dd40fab21a4beff435c7e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f839e5f1cef36ce268950c387129b1bfefdaebc9",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/parisc/kernel/cache.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.17.*",
              "status": "unaffected",
              "version": "5.17.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Fix non-access data TLB cache flush faults\n\nWhen a page is not present, we get non-access data TLB faults from\nthe fdc and fic instructions in flush_user_dcache_range_asm and\nflush_user_icache_range_asm. When these occur, the cache line is\nnot invalidated and potentially we get memory corruption. The\nproblem was hidden by the nullification of the flush instructions.\n\nThese faults also affect performance. With pa8800/pa8900 processors,\nthere will be 32 faults per 4 KB page since the cache line is 128\nbytes.  There will be more faults with earlier processors.\n\nThe problem is fixed by using flush_cache_pages(). It does the flush\nusing a tmp alias mapping.\n\nThe flush_cache_pages() call in flush_cache_range() flushed too\nlarge a range.\n\nV2: Remove unnecessary preempt_disable() and preempt_enable() calls."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:31:33.041Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b3d6adb3a49d82e4e557c5fc16f50c9ff731da5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ddca4b82027e2a66333dd40fab21a4beff435c7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f839e5f1cef36ce268950c387129b1bfefdaebc9"
        }
      ],
      "title": "parisc: Fix non-access data TLB cache flush faults",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49172",
    "datePublished": "2025-02-26T01:55:28.628Z",
    "dateReserved": "2025-02-26T01:49:39.279Z",
    "dateUpdated": "2025-05-04T08:31:33.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-49172\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-02-26T07:00:54.313\",\"lastModified\":\"2025-09-23T13:42:30.587\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nparisc: Fix non-access data TLB cache flush faults\\n\\nWhen a page is not present, we get non-access data TLB faults from\\nthe fdc and fic instructions in flush_user_dcache_range_asm and\\nflush_user_icache_range_asm. When these occur, the cache line is\\nnot invalidated and potentially we get memory corruption. The\\nproblem was hidden by the nullification of the flush instructions.\\n\\nThese faults also affect performance. With pa8800/pa8900 processors,\\nthere will be 32 faults per 4 KB page since the cache line is 128\\nbytes.  There will be more faults with earlier processors.\\n\\nThe problem is fixed by using flush_cache_pages(). It does the flush\\nusing a tmp alias mapping.\\n\\nThe flush_cache_pages() call in flush_cache_range() flushed too\\nlarge a range.\\n\\nV2: Remove unnecessary preempt_disable() and preempt_enable() calls.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: parisc: Se corrigen los fallos de vaciado de cach\u00e9 TLB de datos sin acceso Cuando una p\u00e1gina no est\u00e1 presente, obtenemos fallos de TLB de datos sin acceso de las instrucciones fdc y fic en flush_user_dcache_range_asm y flush_user_icache_range_asm. Cuando esto ocurre, la l\u00ednea de cach\u00e9 no se invalida y potencialmente obtenemos corrupci\u00f3n de memoria. El problema estaba oculto por la anulaci\u00f3n de las instrucciones de vaciado. Estos fallos tambi\u00e9n afectan el rendimiento. Con los procesadores pa8800/pa8900, habr\u00e1 32 fallos por p\u00e1gina de 4 KB ya que la l\u00ednea de cach\u00e9 es de 128 bytes. Habr\u00e1 m\u00e1s fallos con procesadores anteriores. El problema se soluciona utilizando flush_cache_pages(). Realiza el vaciado utilizando una asignaci\u00f3n de alias tmp. La llamada flush_cache_pages() en flush_cache_range() vaci\u00f3 un rango demasiado grande. V2: Eliminar las llamadas preempt_disable() y preempt_enable() innecesarias.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.16.19\",\"matchCriteriaId\":\"18F5AF68-F1E7-4C3F-8521-ECDD471EAC43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.17\",\"versionEndExcluding\":\"5.17.2\",\"matchCriteriaId\":\"210C679C-CF84-44A3-8939-E629C87E54BF\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/b3d6adb3a49d82e4e557c5fc16f50c9ff731da5d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ddca4b82027e2a66333dd40fab21a4beff435c7e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f839e5f1cef36ce268950c387129b1bfefdaebc9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.