CVE-2022-49964 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level() always returned signed value and the document states it will return any errors caused by lack of a PPTT table, it never returned negative values before. Commit 0c80f9e165f8 ("ACPI: PPTT: Leave the table mapped for the runtime usage") however changed it by returning -ENOENT if no PPTT was found. The value returned from acpi_find_last_cache_level() is then assigned to unsigned fw_level. It will result in the number of cache leaves calculated incorrectly as a huge value which will then cause the following warning from __alloc_pages as the order would be great than MAX_ORDER because of incorrect and huge cache leaves value. | WARNING: CPU: 0 PID: 1 at mm/page_alloc.c:5407 __alloc_pages+0x74/0x314 | Modules linked in: | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-10393-g7c2a8d3ac4c0 #73 | pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : __alloc_pages+0x74/0x314 | lr : alloc_pages+0xe8/0x318 | Call trace: | __alloc_pages+0x74/0x314 | alloc_pages+0xe8/0x318 | kmalloc_order_trace+0x68/0x1dc | __kmalloc+0x240/0x338 | detect_cache_attributes+0xe0/0x56c | update_siblings_masks+0x38/0x284 | store_cpu_topology+0x78/0x84 | smp_prepare_cpus+0x48/0x134 | kernel_init_freeable+0xc4/0x14c | kernel_init+0x2c/0x1b4 | ret_from_fork+0x10/0x20 Fix the same by changing fw_level to be signed integer and return the error from init_cache_level() early in case of error.

Reserved 2025-06-18 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status

unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 1668c38ef2e5bb80dbee88afcecfcdc3e7abc2aa

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before fcab25a6b0ace130589d810390d1ce3698b53604

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 43b9af72751a98cb9c074b170fc244714aeb59d5

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 29906311b351e5398aff2c5dc209f8b6c9d6a410

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before a754ee1c66bd0a23e613f0bf865053b29cb90e16

affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before e75d18cecbb3805895d8ed64da4f78575ec96043

affected

Default status

affected

4.19.258

unaffected

5.4.213

unaffected

5.10.143

unaffected

5.15.68

unaffected

5.19.7

unaffected

6.0

unaffected

References

git.kernel.org/...c/1668c38ef2e5bb80dbee88afcecfcdc3e7abc2aa

git.kernel.org/...c/fcab25a6b0ace130589d810390d1ce3698b53604

git.kernel.org/...c/43b9af72751a98cb9c074b170fc244714aeb59d5

git.kernel.org/...c/29906311b351e5398aff2c5dc209f8b6c9d6a410

git.kernel.org/...c/a754ee1c66bd0a23e613f0bf865053b29cb90e16

git.kernel.org/...c/e75d18cecbb3805895d8ed64da4f78575ec96043

cve.org (CVE-2022-49964)

nvd.nist.gov (CVE-2022-49964)

Download JSON