CVE-2022-50091

EPSS 0.03%
Veröffentlicht 18.06.2025 11:02:30
Zuletzt bearbeitet 18.06.2025 13:47:40
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

locking/csd_lock: Change csdlock_debug from early_param to __setup

The csdlock_debug kernel-boot parameter is parsed by the
early_param() function csdlock_debug().  If set, csdlock_debug()
invokes static_branch_enable() to enable csd_lock_wait feature, which
triggers a panic on arm64 for kernels built with CONFIG_SPARSEMEM=y and
CONFIG_SPARSEMEM_VMEMMAP=n.

With CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in
static_key_enable() and returns NULL, resulting in a NULL dereference
because mem_section is initialized only later in sparse_init().

This is also a problem for powerpc because early_param() functions
are invoked earlier than jump_label_init(), also resulting in
static_key_enable() failures.  These failures cause the warning "static
key 'xxx' used before call to jump_label_init()".

Thus, early_param is too early for csd_lock_wait to run
static_branch_enable(), so changes it to __setup to fix these.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < d2cbdbe22b5f190055d2d0ae92e7454479343a30

Version 8d0968cc6b8ffd8496c2ebffdfdc801f949a85e5

Status affected

Version < 05de9e2e33b1625c71aee69e353fe906dd2be88a

Version 8d0968cc6b8ffd8496c2ebffdfdc801f949a85e5

Status affected

Version < b480d1e9a8c11ecc1c99dc01814b28e3103bd0a0

Version 8d0968cc6b8ffd8496c2ebffdfdc801f949a85e5

Status affected

Version < 9c9b26b0df270d4f9246e483a44686fca951a29c

Version 8d0968cc6b8ffd8496c2ebffdfdc801f949a85e5

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.13

Status affected

Version < 5.13

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.61

Status unaffected

Version <= 5.18.*

Version 5.18.18

Status unaffected

Version <= 5.19.*

Version 5.19.2

Status unaffected

Version <= *

Version 6.0

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.056

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/d2cbdbe22b5f190055d2d0ae92e7454479343a30

https://git.kernel.org/stable/c/05de9e2e33b1625c71aee69e353fe906dd2be88a

https://git.kernel.org/stable/c/b480d1e9a8c11ecc1c99dc01814b28e3103bd0a0

https://git.kernel.org/stable/c/9c9b26b0df270d4f9246e483a44686fca951a29c

https://nvd.nist.gov/vuln/detail/CVE-2022-50091

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50091

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50091

EUVD