CVE-2022-48752

一、漏洞信息
 漏洞编号：[CVE-2022-48752](https://nvd.nist.gov/vuln/detail/CVE-2022-48752)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0,6.6.0
 CVSS V2.0分值：
  BaseScore：0.0 Medium
  Vector：CVSS：2.0/
 漏洞简述：
  In the Linux kernel, the following vulnerability has been resolved:powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pendingRunning selftest with CONFIG_PPC_IRQ_SOFT_MASK_DEBUG enabled in kerneltriggered below warning:[  172.851380] ------------[ cut here ]------------[  172.851391] WARNING: CPU: 8 PID: 2901 at arch/powerpc/include/asm/hw_irq.h:246 power_pmu_disable+0x270/0x280[  172.851402] Modules linked in: dm_mod bonding nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink sunrpc xfs libcrc32c pseries_rng xts vmx_crypto uio_pdrv_genirq uio sch_fq_codel ip_tables ext4 mbcache jbd2 sd_mod t10_pi sg ibmvscsi ibmveth scsi_transport_srp fuse[  172.851442] CPU: 8 PID: 2901 Comm: lost_exception_ Not tainted 5.16.0-rc5-03218-g798527287598 #2[  172.851451] NIP:  c00000000013d600 LR: c00000000013d5a4 CTR: c00000000013b180[  172.851458] REGS: c000000017687860 TRAP: 0700   Not tainted  (5.16.0-rc5-03218-g798527287598)[  172.851465] MSR:  8000000000029033 <SF,EE,ME,IR,DR,RI,LE>  CR: 48004884  XER: 20040000[  172.851482] CFAR: c00000000013d5b4 IRQMASK: 1[  172.851482] GPR00: c00000000013d5a4 c000000017687b00 c000000002a10600 0000000000000004[  172.851482] GPR04: 0000000082004000 c0000008ba08f0a8 0000000000000000 00000008b7ed0000[  172.851482] GPR08: 00000000446194f6 0000000000008000 c00000000013b118 c000000000d58e68[  172.851482] GPR12: c00000000013d390 c00000001ec54a80 0000000000000000 0000000000000000[  172.851482] GPR16: 0000000000000000 0000000000000000 c000000015d5c708 c0000000025396d0[  172.851482] GPR20: 0000000000000000 0000000000000000 c00000000a3bbf40 0000000000000003[  172.851482] GPR24: 0000000000000000 c0000008ba097400 c0000000161e0d00 c00000000a3bb600[  172.851482] GPR28: c000000015d5c700 0000000000000001 0000000082384090 c0000008ba0020d8[  172.851549] NIP [c00000000013d600] power_pmu_disable+0x270/0x280[  172.851557] LR [c00000000013d5a4] power_pmu_disable+0x214/0x280[  172.851565] Call Trace:[  172.851568] [c000000017687b00] [c00000000013d5a4] power_pmu_disable+0x214/0x280 (unreliable)[  172.851579] [c000000017687b40] [c0000000003403ac] perf_pmu_disable+0x4c/0x60[  172.851588] [c000000017687b60] [c0000000003445e4] __perf_event_task_sched_out+0x1d4/0x660[  172.851596] [c000000017687c50] [c000000000d1175c] __schedule+0xbcc/0x12a0[  172.851602] [c000000017687d60] [c000000000d11ea8] schedule+0x78/0x140[  172.851608] [c000000017687d90] [c0000000001a8080] sys_sched_yield+0x20/0x40[  172.851615] [c000000017687db0] [c0000000000334dc] system_call_exception+0x18c/0x380[  172.851622] [c000000017687e10] [c00000000000c74c] system_call_common+0xec/0x268The warning indicates that MSR_EE being set(interrupt enabled) whenthere was an overflown PMC detected. This could happen inpower_pmu_disable since it runs under interrupt soft disablecondition ( local_irq_save ) and not with interrupts hard disabled.commit 2c9ac51b850d ( powerpc/perf: Fix PMU callbacks to clearpending PMI before resetting an overflown PMC ) intended to clearPMI pending bit in Paca when disabling the PMU. It could happenthat PMC gets overflown while code is in power_pmu_disablecallback function. Hence add a check to see if PMI pending bitis set in Paca before clearing it via clear_pmi_pending.
 漏洞公开时间：2024-06-20 20:15:13
 漏洞创建时间：2024-06-25 02:07:11
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2022-48752
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/28aaed966e76807a71de79dd40a8eee9042374dd |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/55402a4618721f350a9ab660bb42717d8aa18e7c |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/fa4ad064a6bd49208221df5e62adf27b426d1720 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/fb6433b48a178d4672cb26632454ee0b21056eaa |  |
| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48752 | https://bugzilla.suse.com/show_bug.cgi?id=1226709 |
| suse_bugzilla | https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2022/CVE-2022-48752.mbox | https://bugzilla.suse.com/show_bug.cgi?id=1226709 |
| suse_bugzilla | https://git.kernel.org/stable/c/55402a4618721f350a9ab660bb42717d8aa18e7c | https://bugzilla.suse.com/show_bug.cgi?id=1226709 |
| suse_bugzilla | https://git.kernel.org/stable/c/28aaed966e76807a71de79dd40a8eee9042374dd | https://bugzilla.suse.com/show_bug.cgi?id=1226709 |
| suse_bugzilla | https://git.kernel.org/stable/c/fa4ad064a6bd49208221df5e62adf27b426d1720 | https://bugzilla.suse.com/show_bug.cgi?id=1226709 |
| suse_bugzilla | https://git.kernel.org/stable/c/fb6433b48a178d4672cb26632454ee0b21056eaa | https://bugzilla.suse.com/show_bug.cgi?id=1226709 |
| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2022-48752 | https://bugzilla.suse.com/show_bug.cgi?id=1226709 |
| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2293306 | https://bugzilla.suse.com/show_bug.cgi?id=1226709 |
| redhat_bugzilla | https://lore.kernel.org/linux-cve-announce/2024062006-CVE-2022-48752-7ff8@gregkh/T | https://bugzilla.redhat.com/show_bug.cgi?id=2293306 |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

无
</details>

二、漏洞分析结构反馈
 影响性分析说明：
    In the Linux kernel, the following vulnerability has been resolved:powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pendingRunning selftest with CONFIG_PPC_IRQ_SOFT_MASK_DEBUG enabled in kerneltriggered below warning:[  172.851380] ------------[ cut here ]------------[  172.851391] WARNING: CPU: 8 PID: 2901 at arch/powerpc/include/asm/hw_irq.h:246 power_pmu_disable+0x270/0x280[  172.851402] Modules linked in: dm_mod bonding nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink sunrpc xfs libcrc32c pseries_rng xts vmx_crypto uio_pdrv_genirq uio sch_fq_codel ip_tables ext4 mbcache jbd2 sd_mod t10_pi sg ibmvscsi ibmveth scsi_transport_srp fuse[  172.851442] CPU: 8 PID: 2901 Comm: lost_exception_ Not tainted 5.16.0-rc5-03218-g798527287598 #2[  172.851451] NIP:  c00000000013d600 LR: c00000000013d5a4 CTR: c00000000013b180[  172.851458] REGS: c000000017687860 TRAP: 0700   Not tainted  (5.16.0-rc5-03218-g798527287598)[  172.851465] MSR:  8000000000029033 <SF,EE,ME,IR,DR,RI,LE>  CR: 48004884  XER: 20040000[  172.851482] CFAR: c00000000013d5b4 IRQMASK: 1[  172.851482] GPR00: c00000000013d5a4 c000000017687b00 c000000002a10600 0000000000000004[  172.851482] GPR04: 0000000082004000 c0000008ba08f0a8 0000000000000000 00000008b7ed0000[  172.851482] GPR08: 00000000446194f6 0000000000008000 c00000000013b118 c000000000d58e68[  172.851482] GPR12: c00000000013d390 c00000001ec54a80 0000000000000000 0000000000000000[  172.851482] GPR16: 0000000000000000 0000000000000000 c000000015d5c708 c0000000025396d0[  172.851482] GPR20: 0000000000000000 0000000000000000 c00000000a3bbf40 0000000000000003[  172.851482] GPR24: 0000000000000000 c0000008ba097400 c0000000161e0d00 c00000000a3bb600[  172.851482] GPR28: c000000015d5c700 0000000000000001 0000000082384090 c0000008ba0020d8[  172.851549] NIP [c00000000013d600] power_pmu_disable+0x270/0x280[  172.851557] LR [c00000000013d5a4] power_pmu_disable+0x214/0x280[  172.851565] Call Trace:[  172.851568] [c000000017687b00] [c00000000013d5a4] power_pmu_disable+0x214/0x280 (unreliable)[  172.851579] [c000000017687b40] [c0000000003403ac] perf_pmu_disable+0x4c/0x60[  172.851588] [c000000017687b60] [c0000000003445e4] __perf_event_task_sched_out+0x1d4/0x660[  172.851596] [c000000017687c50] [c000000000d1175c] __schedule+0xbcc/0x12a0[  172.851602] [c000000017687d60] [c000000000d11ea8] schedule+0x78/0x140[  172.851608] [c000000017687d90] [c0000000001a8080] sys_sched_yield+0x20/0x40[  172.851615] [c000000017687db0] [c0000000000334dc] system_call_exception+0x18c/0x380[  172.851622] [c000000017687e10] [c00000000000c74c] system_call_common+0xec/0x268The warning indicates that MSR_EE being set(interrupt enabled) whenthere was an overflown PMC detected. This could happen inpower_pmu_disable since it runs under interrupt soft disablecondition ( local_irq_save ) and not with interrupts hard disabled.commit 2c9ac51b850d ( powerpc/perf: Fix PMU callbacks to clearpending PMI before resetting an overflown PMC ) intended to clearPMI pending bit in Paca when disabling the PMU. It could happenthat PMC gets overflown while code is in power_pmu_disablecallback function. Hence add a check to see if PMI pending bitis set in Paca before clearing it via clear_pmi_pending. 
 openEuler评分：
  5.5
 Vector：CVSS：2.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP4(4.19.90):不受影响
2.openEuler-22.03-LTS-SP1(5.10.0):不受影响
3.openEuler-22.03-LTS-SP3(5.10.0):不受影响
4.openEuler-22.03-LTS-SP4(5.10.0):不受影响
5.master(6.1.0):不受影响
6.openEuler-24.03-LTS(6.6.0):不受影响
7.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP1(5.10.0):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.master(6.1.0):否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-22.03-LTS-SP4(5.10.0):否

src-openEuler/kernel

Content Risk Flag

Comments (10)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

Content Risk Flag

CVE-2022-48752

Comments (10)

Search

src-openEuler/kernel