CVE-2022-50230
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
arm64: set UXN on swapper page tables
[ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large refactoring of the arm64 boot flow. This simple fix is therefore preferred for -stable backporting ]
On a system that implements FEAT_EPAN, read/write access to the idmap is denied because UXN is not set on the swapper PTEs. As a result, idmap_kpti_install_ng_mappings panics the kernel when accessing __idmap_kpti_flag. Fix it by setting UXN on these PTEs.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 18107f8a2df6bf1c6cac8d0713f757f866d5af51 < 9283e708a9b8529e7aafac9ab5c5c79a9fab8846 | affected |
| Linux | Linux | 18107f8a2df6bf1c6cac8d0713f757f866d5af51 < c3cee924bd855184d15bc4aa6088dcf8e2c1394c | affected |
| Linux | Linux | 5.13 | affected |
| Linux | Linux | 0 < 5.13 | unaffected |
| Linux | Linux | 5.19.1 <= 5.19.* | unaffected |
| Linux | Linux | 6.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/9283e708a9b8529e7aafac9ab5c5c79a9fab8846
- https://git.kernel.org/stable/c/c3cee924bd855184d15bc4aa6088dcf8e2c1394c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.