{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-49964","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-06-18T10:57:27.384Z","datePublished":"2025-06-18T11:00:29.710Z","dateUpdated":"2026-05-11T19:10:06.395Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:10:06.395Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level\n\nThough acpi_find_last_cache_level() always returned signed value and the\ndocument states it will return any errors caused by lack of a PPTT table,\nit never returned negative values before.\n\nCommit 0c80f9e165f8 (\"ACPI: PPTT: Leave the table mapped for the runtime usage\")\nhowever changed it by returning -ENOENT if no PPTT was found. The value\nreturned from acpi_find_last_cache_level() is then assigned to unsigned\nfw_level.\n\nIt will result in the number of cache leaves calculated incorrectly as\na huge value which will then cause the following warning from __alloc_pages\nas the order would be great than MAX_ORDER because of incorrect and huge\ncache leaves value.\n\n  |  WARNING: CPU: 0 PID: 1 at mm/page_alloc.c:5407 __alloc_pages+0x74/0x314\n  |  Modules linked in:\n  |  CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-10393-g7c2a8d3ac4c0 #73\n  |  pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  |  pc : __alloc_pages+0x74/0x314\n  |  lr : alloc_pages+0xe8/0x318\n  |  Call trace:\n  |   __alloc_pages+0x74/0x314\n  |   alloc_pages+0xe8/0x318\n  |   kmalloc_order_trace+0x68/0x1dc\n  |   __kmalloc+0x240/0x338\n  |   detect_cache_attributes+0xe0/0x56c\n  |   update_siblings_masks+0x38/0x284\n  |   store_cpu_topology+0x78/0x84\n  |   smp_prepare_cpus+0x48/0x134\n  |   kernel_init_freeable+0xc4/0x14c\n  |   kernel_init+0x2c/0x1b4\n  |   ret_from_fork+0x10/0x20\n\nFix the same by changing fw_level to be signed integer and return the\nerror from init_cache_level() early in case of error."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/arm64/kernel/cacheinfo.c"],"versions":[{"version":"f03d253ba71994b196f342a7acad448a56812a8c","lessThan":"a754ee1c66bd0a23e613f0bf865053b29cb90e16","status":"affected","versionType":"git"},{"version":"0c80f9e165f8f9cca743d7b6cbdb54362da297e0","lessThan":"e75d18cecbb3805895d8ed64da4f78575ec96043","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/arm64/kernel/cacheinfo.c"],"versions":[{"version":"5.19.4","lessThan":"5.19.7","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19.4","versionEndExcluding":"5.19.7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a754ee1c66bd0a23e613f0bf865053b29cb90e16"},{"url":"https://git.kernel.org/stable/c/e75d18cecbb3805895d8ed64da4f78575ec96043"}],"title":"arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level","x_generator":{"engine":"bippy-1.2.0"}}}}