CVE-2022-50319

Summary

In the Linux kernel, the following vulnerability has been resolved:

coresight: trbe: remove cpuhp instance node before remove cpuhp state

cpuhp_state_add_instance() and cpuhp_state_remove_instance() should be used in pairs. Or there will lead to the warn on cpuhp_remove_multi_state() since the cpuhp_step list is not empty.

The following is the error log with 'rmmod coresight-trbe': Error: Removing state 215 which has instances left. Call trace: __cpuhp_remove_state_cpuslocked+0x144/0x160 __cpuhp_remove_state+0xac/0x100 arm_trbe_device_remove+0x2c/0x60 [coresight_trbe] platform_remove+0x34/0x70 device_remove+0x54/0x90 device_release_driver_internal+0x1e4/0x250 driver_detach+0x5c/0xb0 bus_remove_driver+0x64/0xc0 driver_unregister+0x3c/0x70 platform_driver_unregister+0x20/0x30 arm_trbe_exit+0x1c/0x658 [coresight_trbe] __arm64_sys_delete_module+0x1ac/0x24c invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0x58/0x1a0 do_el0_svc+0x38/0xd0 el0_svc+0x2c/0xc0 el0t_64_sync_handler+0x1ac/0x1b0 el0t_64_sync+0x19c/0x1a0 —[ end trace 0000000000000000 ]—

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3fbf7f011f2426dac8c982f1d2ef469a7959a524 < 18b9202188a4e59923834c60b5c82ea1da7d1811affected
LinuxLinux3fbf7f011f2426dac8c982f1d2ef469a7959a524 < 2ea334960afcd49385840c7afd59fc5f8d3ce682affected
LinuxLinux3fbf7f011f2426dac8c982f1d2ef469a7959a524 < 3c18888bc0b51835c74123b1e04d5df11543724caffected
LinuxLinux3fbf7f011f2426dac8c982f1d2ef469a7959a524 < 20ee8c223f792947378196307d8e707c9cdc2d61affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References