{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49353","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:08:31.545Z","datePublished":"2025-02-26T02:11:04.982Z","dateUpdated":"2025-10-01T19:46:54.302Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:35:54.660Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/papr_scm: don't requests stats with '0' sized stats buffer\n\nSachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being\nreported with vPMEM when papr_scm probe is being called. The panic is of the\nform below and is observed only with following option disabled(profile) for the\nsaid LPAR 'Enable Performance Information Collection' in the HMC:\n\n Kernel attempted to write user page (1c) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on write at 0x0000001c\n Faulting instruction address: 0xc008000001b90844\n Oops: Kernel access of bad area, sig: 11 [#1]\n<snip>\n NIP [c008000001b90844] drc_pmem_query_stats+0x5c/0x270 [papr_scm]\n LR [c008000001b92794] papr_scm_probe+0x2ac/0x6ec [papr_scm]\n Call Trace:\n       0xc00000000941bca0 (unreliable)\n       papr_scm_probe+0x2ac/0x6ec [papr_scm]\n       platform_probe+0x98/0x150\n       really_probe+0xfc/0x510\n       __driver_probe_device+0x17c/0x230\n<snip>\n ---[ end trace 0000000000000000 ]---\n Kernel panic - not syncing: Fatal exception\n\nOn investigation looks like this panic was caused due to a 'stat_buffer' of\nsize==0 being provided to drc_pmem_query_stats() to fetch all performance\nstats-ids of an NVDIMM. However drc_pmem_query_stats() shouldn't have been called\nsince the vPMEM NVDIMM doesn't support and performance stat-id's. This was caused\ndue to missing check for 'p->stat_buffer_len' at the beginning of\npapr_scm_pmu_check_events() which indicates that the NVDIMM doesn't support\nperformance-stats.\n\nFix this by introducing the check for 'p->stat_buffer_len' at the beginning of\npapr_scm_pmu_check_events().\n\n[1] https://lore.kernel.org/all/6B3A522A-6A5F-4CC9-B268-0C63AA6E07D3@linux.ibm.com"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/powerpc/platforms/pseries/papr_scm.c"],"versions":[{"version":"b073096df4dec70d0436321b7093bad27ae91f9e","lessThan":"e1295aab2ebcda1c1a9ed342baedc080e5c393e5","status":"affected","versionType":"git"},{"version":"0e0946e22f3665d27325d389ff45ade6e93f3678","lessThan":"07bf9431b1590d1cd7a8d62075d0b50b073f0495","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/powerpc/platforms/pseries/papr_scm.c"],"versions":[{"version":"5.18.3","lessThan":"5.18.4","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18.3","versionEndExcluding":"5.18.4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e1295aab2ebcda1c1a9ed342baedc080e5c393e5"},{"url":"https://git.kernel.org/stable/c/07bf9431b1590d1cd7a8d62075d0b50b073f0495"}],"title":"powerpc/papr_scm: don't requests stats with '0' sized stats buffer","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2022-49353","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-10-01T19:42:48.865208Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T19:46:54.302Z"}}]}}