fkie_cve-2022-49565
Vulnerability from fkie_nvd
Published
2025-02-26 07:01
Modified
2025-02-26 07:01
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel/lbr: Fix unchecked MSR access error on HSW
The fuzzer triggers the below trace.
[ 7763.384369] unchecked MSR access error: WRMSR to 0x689
(tried to write 0x1fffffff8101349e) at rIP: 0xffffffff810704a4
(native_write_msr+0x4/0x20)
[ 7763.397420] Call Trace:
[ 7763.399881] <TASK>
[ 7763.401994] intel_pmu_lbr_restore+0x9a/0x1f0
[ 7763.406363] intel_pmu_lbr_sched_task+0x91/0x1c0
[ 7763.410992] __perf_event_task_sched_in+0x1cd/0x240
On a machine with the LBR format LBR_FORMAT_EIP_FLAGS2, when the TSX is
disabled, a TSX quirk is required to access LBR from registers.
The lbr_from_signext_quirk_needed() is introduced to determine whether
the TSX quirk should be applied. However, the
lbr_from_signext_quirk_needed() is invoked before the
intel_pmu_lbr_init(), which parses the LBR format information. Without
the correct LBR format information, the TSX quirk will never be applied.
Move the lbr_from_signext_quirk_needed() into the intel_pmu_lbr_init().
Checking x86_pmu.lbr_has_tsx in the lbr_from_signext_quirk_needed() is
not required anymore.
Both LBR_FORMAT_EIP_FLAGS2 and LBR_FORMAT_INFO have LBR_TSX flag, but
only the LBR_FORMAT_EIP_FLAGS2 requires the quirk. Update the comments
accordingly.
References
- https://git.kernel.org/stable/c/625bcd0685a1612225df83468c83412fc0edb3d7
- https://git.kernel.org/stable/c/b0380e13502adf7dd8be4c47d622c3522aae6c63
Status
Awaiting Analysis