CVE-2022-49885

EPSS 0.04%
Veröffentlicht 01.05.2025 14:10:31
Zuletzt bearbeitet 01.10.2025 17:15:36
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()

In the Linux kernel, the following vulnerability has been resolved:

ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()

Change num_ghes from int to unsigned int, preventing an overflow
and causing subsequent vmalloc() to fail.

The overflow happens in ghes_estatus_pool_init() when calculating
len during execution of the statement below as both multiplication
operands here are signed int:

len += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE);

The following call trace is observed because of this bug:

[    9.317108] swapper/0: vmalloc error: size 18446744071562596352, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
[    9.317131] Call Trace:
[    9.317134]  <TASK>
[    9.317137]  dump_stack_lvl+0x49/0x5f
[    9.317145]  dump_stack+0x10/0x12
[    9.317146]  warn_alloc.cold+0x7b/0xdf
[    9.317150]  ? __device_attach+0x16a/0x1b0
[    9.317155]  __vmalloc_node_range+0x702/0x740
[    9.317160]  ? device_add+0x17f/0x920
[    9.317164]  ? dev_set_name+0x53/0x70
[    9.317166]  ? platform_device_add+0xf9/0x240
[    9.317168]  __vmalloc_node+0x49/0x50
[    9.317170]  ? ghes_estatus_pool_init+0x43/0xa0
[    9.317176]  vmalloc+0x21/0x30
[    9.317177]  ghes_estatus_pool_init+0x43/0xa0
[    9.317179]  acpi_hest_init+0x129/0x19c
[    9.317185]  acpi_init+0x434/0x4a4
[    9.317188]  ? acpi_sleep_proc_init+0x2a/0x2a
[    9.317190]  do_one_initcall+0x48/0x200
[    9.317195]  kernel_init_freeable+0x221/0x284
[    9.317200]  ? rest_init+0xe0/0xe0
[    9.317204]  kernel_init+0x1a/0x130
[    9.317205]  ret_from_fork+0x22/0x30
[    9.317208]  </TASK>

[ rjw: Subject and changelog edits ]

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 4 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.10.154

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.78

Linux ≫ Linux Kernel Version >= 5.16 < 6.0.8

Linux ≫ Linux Kernel Version6.1 Updaterc1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.127

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/9edf20e5a1d805855e78f241cf221d741b50d482

Patch

https://git.kernel.org/stable/c/c50ec15725e005e9fb20bce69b6c23b135a4a9b7

Patch

https://git.kernel.org/stable/c/4c10c854113720cbfe75d4f51db79b700a629e73

Patch

https://git.kernel.org/stable/c/43d2748394c3feb86c0c771466f5847e274fc043

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-49885

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-49885

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-49885

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-49885