CVE-2022-50230

Summary

In the Linux kernel, the following vulnerability has been resolved:

arm64: set UXN on swapper page tables

[ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large refactoring of the arm64 boot flow. This simple fix is therefore preferred for -stable backporting ]

On a system that implements FEAT_EPAN, read/write access to the idmap is denied because UXN is not set on the swapper PTEs. As a result, idmap_kpti_install_ng_mappings panics the kernel when accessing __idmap_kpti_flag. Fix it by setting UXN on these PTEs.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux18107f8a2df6bf1c6cac8d0713f757f866d5af51 < 9283e708a9b8529e7aafac9ab5c5c79a9fab8846affected
LinuxLinux18107f8a2df6bf1c6cac8d0713f757f866d5af51 < c3cee924bd855184d15bc4aa6088dcf8e2c1394caffected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.19.1 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References