
THREATINT
PUBLISHED

CVE-2022-49955

powerpc/rtas: Fix RTAS MSR[HV] handling for Cell



Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/rtas: Fix RTAS MSR[HV] handling for Cell

The semi-recent changes to MSR handling when entering RTAS (firmware) cause crashes on IBM Cell machines. An example trace:

  kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0)
  BUG: Unable to handle kernel instruction fetch
  Faulting instruction address: 0x2fff01a8
  Oops: Kernel access of bad area, sig: 11 [#1]
  BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell
  Modules linked in:
  CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.0.0-rc2-00433-gede0a8d3307a #207
  NIP: 000000002fff01a8 LR: 0000000000032608 CTR: 0000000000000000
  REGS: c0000000015236b0 TRAP: 0400 Tainted: G W (6.0.0-rc2-00433-gede0a8d3307a)
  MSR: 0000000008001002 <ME,RI> CR: 00000000 XER: 20000000
  ...
  NIP 0x2fff01a8
  LR 0x32608
  Call Trace:
    0xc00000000143c5f8 (unreliable)
    .rtas_call+0x224/0x320
    .rtas_get_boot_time+0x70/0x150
    .read_persistent_clock64+0x114/0x140
    .read_persistent_wall_and_boot_offset+0x24/0x80
    .timekeeping_init+0x40/0x29c
    .start_kernel+0x674/0x8f0
    start_here_common+0x1c/0x50

Unlike PAPR platforms where RTAS is only used in guests, on the IBM Cell machines Linux runs with MSR[HV] set but also uses RTAS, provided by SLOF.

Fix it by copying the MSR[HV] bit from the MSR value we've just read using mfmsr into the value used for RTAS.

It seems like we could also fix it using an #ifdef CELL to set MSR[HV], but that doesn't work because it's possible to build a single kernel image that runs on both Cell native and pseries.

Reserved 2025-06-18 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status: unaffected

  affected    b6b1c3ce06ca438eb24e0f45bf0e63ecad0369f5 before 8b08d4f97233d8e58fff2fd9d5f86397a49733c5
  affected    b6b1c3ce06ca438eb24e0f45bf0e63ecad0369f5 before 91926d8b7e71aaf5f84f0cf208fc5a8b7a761050
  affected    5ca40fcf0da0ce2b5bc44e7d8b036535955f2e3d
  affected    5f4367448f6817c8a0e94dc9736ed84fa8eee4a3
  affected    c9c41f0273826a13ac93124e66a4ff45df281ba0

Default status: affected

  affected    5.19
  unaffected  Any version before 5.19
  unaffected  5.19.8
  unaffected  6.0

References

git.kernel.org/...c/8b08d4f97233d8e58fff2fd9d5f86397a49733c5

git.kernel.org/...c/91926d8b7e71aaf5f84f0cf208fc5a8b7a761050

cve.org (CVE-2022-49955)

nvd.nist.gov (CVE-2022-49955)
