{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-48795","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-16T11:38:08.895Z","datePublished":"2024-07-16T11:43:50.129Z","dateUpdated":"2025-12-23T13:20:32.995Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-12-23T13:20:32.995Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Fix data TLB miss in sba_unmap_sg\n\nRolf Eike Beer reported the following bug:\n\n[1274934.746891] Bad Address (null pointer deref?): Code=15 (Data TLB miss fault) at addr 0000004140000018\n[1274934.746891] CPU: 3 PID: 5549 Comm: cmake Not tainted 5.15.4-gentoo-parisc64 #4\n[1274934.746891] Hardware name: 9000/785/C8000\n[1274934.746891]\n[1274934.746891]      YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI\n[1274934.746891] PSW: 00001000000001001111111000001110 Not tainted\n[1274934.746891] r00-03  000000ff0804fe0e 0000000040bc9bc0 00000000406760e4 0000004140000000\n[1274934.746891] r04-07  0000000040b693c0 0000004140000000 000000004a2b08b0 0000000000000001\n[1274934.746891] r08-11  0000000041f98810 0000000000000000 000000004a0a7000 0000000000000001\n[1274934.746891] r12-15  0000000040bddbc0 0000000040c0cbc0 0000000040bddbc0 0000000040bddbc0\n[1274934.746891] r16-19  0000000040bde3c0 0000000040bddbc0 0000000040bde3c0 0000000000000007\n[1274934.746891] r20-23  0000000000000006 000000004a368950 0000000000000000 0000000000000001\n[1274934.746891] r24-27  0000000000001fff 000000000800000e 000000004a1710f0 0000000040b693c0\n[1274934.746891] r28-31  0000000000000001 0000000041f988b0 0000000041f98840 000000004a171118\n[1274934.746891] sr00-03  00000000066e5800 0000000000000000 0000000000000000 00000000066e5800\n[1274934.746891] sr04-07  0000000000000000 0000000000000000 0000000000000000 0000000000000000\n[1274934.746891]\n[1274934.746891] IASQ: 0000000000000000 0000000000000000 IAOQ: 00000000406760e8 00000000406760ec\n[1274934.746891]  IIR: 48780030    ISR: 0000000000000000  IOR: 0000004140000018\n[1274934.746891]  CPU:        3   CR30: 00000040e3a9c000 CR31: ffffffffffffffff\n[1274934.746891]  ORIG_R28: 0000000040acdd58\n[1274934.746891]  IAOQ[0]: sba_unmap_sg+0xb0/0x118\n[1274934.746891]  IAOQ[1]: sba_unmap_sg+0xb4/0x118\n[1274934.746891]  RP(r2): sba_unmap_sg+0xac/0x118\n[1274934.746891] Backtrace:\n[1274934.746891]  [<00000000402740cc>] dma_unmap_sg_attrs+0x6c/0x70\n[1274934.746891]  [<000000004074d6bc>] scsi_dma_unmap+0x54/0x60\n[1274934.746891]  [<00000000407a3488>] mptscsih_io_done+0x150/0xd70\n[1274934.746891]  [<0000000040798600>] mpt_interrupt+0x168/0xa68\n[1274934.746891]  [<0000000040255a48>] __handle_irq_event_percpu+0xc8/0x278\n[1274934.746891]  [<0000000040255c34>] handle_irq_event_percpu+0x3c/0xd8\n[1274934.746891]  [<000000004025ecb4>] handle_percpu_irq+0xb4/0xf0\n[1274934.746891]  [<00000000402548e0>] generic_handle_irq+0x50/0x70\n[1274934.746891]  [<000000004019a254>] call_on_stack+0x18/0x24\n[1274934.746891]\n[1274934.746891] Kernel panic - not syncing: Bad Address (null pointer deref?)\n\nThe bug is caused by overrunning the sglist and incorrectly testing\nsg_dma_len(sglist) before nents. Normally this doesn't cause a crash,\nbut in this case sglist crossed a page boundary. This occurs in the\nfollowing code:\n\n\twhile (sg_dma_len(sglist) && nents--) {\n\nThe fix is simply to test nents first and move the decrement of nents\ninto the loop."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/parisc/sba_iommu.c"],"versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"f23f0444ead4d941165aa82ce2fcbb997dc00e97","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"de75676ee99bf9f25b1124ff301b3f7b8ba597d4","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"867e50231c7605547d9334904d70a181f39f2d9e","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"efccc9b0c7e28d0eb7918a236e59f60dc23db4c3","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"f8f519d7df66c334b5e08f896ac70ee3b53add3b","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"b7d6f44a0fa716a82969725516dc0b16bc7cd514","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/parisc/sba_iommu.c"],"versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","status":"unaffected","versionType":"semver"},{"version":"4.9.303","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.268","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.231","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.181","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.102","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.25","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.11","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.9.303"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.14.268"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.19.231"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.4.181"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.10.102"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.15.25"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.16.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.17"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/f23f0444ead4d941165aa82ce2fcbb997dc00e97"},{"url":"https://git.kernel.org/stable/c/de75676ee99bf9f25b1124ff301b3f7b8ba597d4"},{"url":"https://git.kernel.org/stable/c/867e50231c7605547d9334904d70a181f39f2d9e"},{"url":"https://git.kernel.org/stable/c/efccc9b0c7e28d0eb7918a236e59f60dc23db4c3"},{"url":"https://git.kernel.org/stable/c/f8f519d7df66c334b5e08f896ac70ee3b53add3b"},{"url":"https://git.kernel.org/stable/c/8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2"},{"url":"https://git.kernel.org/stable/c/e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf"},{"url":"https://git.kernel.org/stable/c/b7d6f44a0fa716a82969725516dc0b16bc7cd514"}],"title":"parisc: Fix data TLB miss in sba_unmap_sg","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T15:25:01.550Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/f23f0444ead4d941165aa82ce2fcbb997dc00e97","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/de75676ee99bf9f25b1124ff301b3f7b8ba597d4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/867e50231c7605547d9334904d70a181f39f2d9e","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/efccc9b0c7e28d0eb7918a236e59f60dc23db4c3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f8f519d7df66c334b5e08f896ac70ee3b53add3b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b7d6f44a0fa716a82969725516dc0b16bc7cd514","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2022-48795","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:59:22.558593Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:15.085Z"}}]}}