{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-48713","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-20T11:09:39.050Z","datePublished":"2024-06-20T11:13:07.350Z","dateUpdated":"2025-05-04T08:21:34.580Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:21:34.580Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/pt: Fix crash with stop filters in single-range mode\n\nAdd a check for !buf->single before calling pt_buffer_region_size in a\nplace where a missing check can cause a kernel crash.\n\nFixes a bug introduced by commit 670638477aed (\"perf/x86/intel/pt:\nOpportunistically use single range output mode\"), which added a\nsupport for PT single-range output mode. Since that commit if a PT\nstop filter range is hit while tracing, the kernel will crash because\nof a null pointer dereference in pt_handle_status due to calling\npt_buffer_region_size without a ToPA configured.\n\nThe commit which introduced single-range mode guarded almost all uses of\nthe ToPA buffer variables with checks of the buf->single variable, but\nmissed the case where tracing was stopped by the PT hardware, which\nhappens when execution hits a configured stop filter.\n\nTested that hitting a stop filter while PT recording successfully\nrecords a trace with this patch but crashes without this patch."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/events/intel/pt.c"],"versions":[{"version":"670638477aede0d7a355ced04b569214aa3feacd","lessThan":"456f041e035913fcedb275aff6f8a71dfebcd394","status":"affected","versionType":"git"},{"version":"670638477aede0d7a355ced04b569214aa3feacd","lessThan":"e83d941fd3445f660d2f43647c580a320cc384f6","status":"affected","versionType":"git"},{"version":"670638477aede0d7a355ced04b569214aa3feacd","lessThan":"feffb6ae2c80b9a8206450cdef90f5943baced99","status":"affected","versionType":"git"},{"version":"670638477aede0d7a355ced04b569214aa3feacd","lessThan":"1d9093457b243061a9bba23543c38726e864a643","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/x86/events/intel/pt.c"],"versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","status":"unaffected","versionType":"semver"},{"version":"5.10.99","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.22","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.8","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.99"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.15.22"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.16.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/456f041e035913fcedb275aff6f8a71dfebcd394"},{"url":"https://git.kernel.org/stable/c/e83d941fd3445f660d2f43647c580a320cc384f6"},{"url":"https://git.kernel.org/stable/c/feffb6ae2c80b9a8206450cdef90f5943baced99"},{"url":"https://git.kernel.org/stable/c/1d9093457b243061a9bba23543c38726e864a643"}],"title":"perf/x86/intel/pt: Fix crash with stop filters in single-range mode","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-20T15:57:49.148833Z","id":"CVE-2022-48713","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-20T15:58:11.307Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T15:17:55.875Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/456f041e035913fcedb275aff6f8a71dfebcd394","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e83d941fd3445f660d2f43647c580a320cc384f6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/feffb6ae2c80b9a8206450cdef90f5943baced99","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1d9093457b243061a9bba23543c38726e864a643","tags":["x_transferred"]}]}]}}