CVE-2022-49709

Summary

In the Linux kernel, the following vulnerability has been resolved:

cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle

RCU_NONIDLE usage during __cfi_slowpath_diag can result in an invalid RCU state in the cpuidle code path:

WARNING: CPU: 1 PID: 0 at kernel/rcu/tree.c:613 rcu_eqs_enter+0xe4/0x138 … Call trace: rcu_eqs_enter+0xe4/0x138 rcu_idle_enter+0xa8/0x100 cpuidle_enter_state+0x154/0x3a8 cpuidle_enter+0x3c/0x58 do_idle.llvm.6590768638138871020+0x1f4/0x2ec cpu_startup_entry+0x28/0x2c secondary_start_kernel+0x1b8/0x220 __secondary_switched+0x94/0x98

Instead, call rcu_irq_enter/exit to wake up RCU only when needed and disable interrupts for the entire CFI shadow/module check when we do.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcf68fffb66d60d96209446bfc4a15291dc5a5d41 < 75f3a5fa2ad049c85ab5d5ee1ed9cfaa7e62c5edaffected
LinuxLinuxcf68fffb66d60d96209446bfc4a15291dc5a5d41 < ca3897f2ac02ceae5e6fa794f83c36f9885b93daaffected
LinuxLinuxcf68fffb66d60d96209446bfc4a15291dc5a5d41 < 57cd6d157eb479f0a8e820fd36b7240845c8a937affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.49 <= 5.15.*unaffected
LinuxLinux5.18.6 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

References