{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49090","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T01:49:39.249Z","datePublished":"2025-02-26T01:54:46.227Z","dateUpdated":"2025-05-04T08:29:30.905Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:29:30.905Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\narch/arm64: Fix topology initialization for core scheduling\n\nArm64 systems rely on store_cpu_topology() to call update_siblings_masks()\nto transfer the toplogy to the various cpu masks. This needs to be done\nbefore the call to notify_cpu_starting() which tells the scheduler about\neach cpu found, otherwise the core scheduling data structures are setup\nin a way that does not match the actual topology.\n\nWith smt_mask not setup correctly we bail on `cpumask_weight(smt_mask) == 1`\nfor !leaders in:\n\n notify_cpu_starting()\n   cpuhp_invoke_callback_range()\n     sched_cpu_starting()\n       sched_core_cpu_starting()\n\nwhich leads to rq->core not being correctly set for !leader-rq's.\n\nWithout this change stress-ng (which enables core scheduling in its prctl\ntests in newer versions -- i.e. with PR_SCHED_CORE support) causes a warning\nand then a crash (trimmed for legibility):\n\n[ 1853.805168] ------------[ cut here ]------------\n[ 1853.809784] task_rq(b)->core != rq->core\n[ 1853.809792] WARNING: CPU: 117 PID: 0 at kernel/sched/fair.c:11102 cfs_prio_less+0x1b4/0x1c4\n...\n[ 1854.015210] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n...\n[ 1854.231256] Call trace:\n[ 1854.233689]  pick_next_task+0x3dc/0x81c\n[ 1854.237512]  __schedule+0x10c/0x4cc\n[ 1854.240988]  schedule_idle+0x34/0x54"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/arm64/kernel/smp.c"],"versions":[{"version":"9edeaea1bc452372718837ed2ba775811baf1ba1","lessThan":"87f5d66daa5f457449bb95d6b8d18bb7596aa627","status":"affected","versionType":"git"},{"version":"9edeaea1bc452372718837ed2ba775811baf1ba1","lessThan":"790c1567582bda8f1153015436e3330a7c6eb278","status":"affected","versionType":"git"},{"version":"9edeaea1bc452372718837ed2ba775811baf1ba1","lessThan":"c78a1b2d0bff678570c8dc9f14035606f5e5257d","status":"affected","versionType":"git"},{"version":"9edeaea1bc452372718837ed2ba775811baf1ba1","lessThan":"5524cbb1bfcdff0cad0aaa9f94e6092002a07259","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/arm64/kernel/smp.c"],"versions":[{"version":"5.14","status":"affected"},{"version":"0","lessThan":"5.14","status":"unaffected","versionType":"semver"},{"version":"5.15.34","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16.20","lessThanOrEqual":"5.16.*","status":"unaffected","versionType":"semver"},{"version":"5.17.3","lessThanOrEqual":"5.17.*","status":"unaffected","versionType":"semver"},{"version":"5.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.15.34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.16.20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.17.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/87f5d66daa5f457449bb95d6b8d18bb7596aa627"},{"url":"https://git.kernel.org/stable/c/790c1567582bda8f1153015436e3330a7c6eb278"},{"url":"https://git.kernel.org/stable/c/c78a1b2d0bff678570c8dc9f14035606f5e5257d"},{"url":"https://git.kernel.org/stable/c/5524cbb1bfcdff0cad0aaa9f94e6092002a07259"}],"title":"arch/arm64: Fix topology initialization for core scheduling","x_generator":{"engine":"bippy-1.2.0"}}}}