CVE-2022-49353

Advisory lineage Upstream: 0 Downstream: 5

Downstream

DEBIAN-CVE-2022-49353 RHSA-2025:20518 SUSE-SU-2025:1176-1 SUSE-SU-2025:1241-1 UBUNTU-CVE-2022-49353

Modified

Published: 26 Feb 2025, 02:11

Last modified:11 May 2026, 18:58

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (cve.org)

EPSS Score

0.09% LOW

0% probability +0.05%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 Feb 2025, 02:11

Published

Vulnerability first disclosed

11 May 2026, 18:58

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/papr_scm: don't requests stats with '0' sized stats buffer Sachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being reported with vPMEM when papr_scm probe is being called. The panic is of the form below and is observed only with following option disabled(profile) for the said LPAR 'Enable Performance Information Collection' in the HMC: Kernel attempted to write user page (1c) - exploit attempt? (uid: 0) BUG: Kernel NULL pointer dereference on write at 0x0000001c Faulting instruction address: 0xc008000001b90844 Oops: Kernel access of bad area, sig: 11 [#1] <snip> NIP [c008000001b90844] drc_pmem_query_stats+0x5c/0x270 [papr_scm] LR [c008000001b92794] papr_scm_probe+0x2ac/0x6ec [papr_scm] Call Trace: 0xc00000000941bca0 (unreliable) papr_scm_probe+0x2ac/0x6ec [papr_scm] platform_probe+0x98/0x150 really_probe+0xfc/0x510 __driver_probe_device+0x17c/0x230 <snip> ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Fatal exception On investigation looks like this panic was caused due to a 'stat_buffer' of size==0 being provided to drc_pmem_query_stats() to fetch all performance stats-ids of an NVDIMM. However drc_pmem_query_stats() shouldn't have been called since the vPMEM NVDIMM doesn't support and performance stat-id's. This was caused due to missing check for 'p->stat_buffer_len' at the beginning of papr_scm_pmu_check_events() which indicates that the NVDIMM doesn't support performance-stats. Fix this by introducing the check for 'p->stat_buffer_len' at the beginning of papr_scm_pmu_check_events(). [1] https://lore.kernel.org/all/6B3A522A-6A5F-4CC9-B268-0C63AA6E07D3@linux.ibm.com

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.09%• Percentile: 26%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ b073096df4dec70d0436321b7093bad27ae91f9e, < e1295aab2ebcda1c1a9ed342baedc080e5c393e5 | ≥ 0e0946e22f3665d27325d389ff45ade6e93f3678, < 07bf9431b1590d1cd7a8d62075d0b50b073f0495 | ≥ 5.18.3, < 5.18.4
linux•linux_kernel
5.18.3