5.5

CVE-2022-50504

powerpc/rtas: avoid scheduling in rtas_os_term()

In the Linux kernel, the following vulnerability has been resolved:

powerpc/rtas: avoid scheduling in rtas_os_term()

It's unsafe to use rtas_busy_delay() to handle a busy status from
the ibm,os-term RTAS function in rtas_os_term():

Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
BUG: sleeping function called from invalid context at arch/powerpc/kernel/rtas.c:618
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1, name: swapper/0
preempt_count: 2, expected: 0
CPU: 7 PID: 1 Comm: swapper/0 Tainted: G      D            6.0.0-rc5-02182-gf8553a572277-dirty #9
Call Trace:
[c000000007b8f000] [c000000001337110] dump_stack_lvl+0xb4/0x110 (unreliable)
[c000000007b8f040] [c0000000002440e4] __might_resched+0x394/0x3c0
[c000000007b8f0e0] [c00000000004f680] rtas_busy_delay+0x120/0x1b0
[c000000007b8f100] [c000000000052d04] rtas_os_term+0xb8/0xf4
[c000000007b8f180] [c0000000001150fc] pseries_panic+0x50/0x68
[c000000007b8f1f0] [c000000000036354] ppc_panic_platform_handler+0x34/0x50
[c000000007b8f210] [c0000000002303c4] notifier_call_chain+0xd4/0x1c0
[c000000007b8f2b0] [c0000000002306cc] atomic_notifier_call_chain+0xac/0x1c0
[c000000007b8f2f0] [c0000000001d62b8] panic+0x228/0x4d0
[c000000007b8f390] [c0000000001e573c] do_exit+0x140c/0x1420
[c000000007b8f480] [c0000000001e586c] make_task_dead+0xdc/0x200

Use rtas_busy_delay_time() instead, which signals without side effects
whether to attempt the ibm,os-term RTAS call again.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.18 < 4.9.337
LinuxLinux Kernel Version >= 4.10 < 4.14.303
LinuxLinux Kernel Version >= 4.15 < 4.19.270
LinuxLinux Kernel Version >= 4.20 < 5.4.229
LinuxLinux Kernel Version >= 5.5 < 5.10.163
LinuxLinux Kernel Version >= 5.11 < 5.15.87
LinuxLinux Kernel Version >= 5.16 < 6.0.17
LinuxLinux Kernel Version >= 6.1 < 6.1.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.045
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/f413135b337c4e90c1e593c6613f8717e17bc724
Patch
https://git.kernel.org/stable/c/4768935b8cc2d2afeb7956292df0f6e2c49ca0a5
Patch
https://git.kernel.org/stable/c/ffa991a003abb4f8cb9e5004646bfe2d9a46912c
Patch
https://git.kernel.org/stable/c/515959eb49e6d218a46979d66f36fdef329ac7d2
Patch
https://git.kernel.org/stable/c/6f7e2fcab73372a371ab4017cbedf7a71f4f9b40
Patch
https://git.kernel.org/stable/c/7280fdb80bf0fe35d9b799fc7009f2cbe0a397d7
Patch
https://git.kernel.org/stable/c/bed48651c87bef59ea1a9d6dbc381bcbc452f4ff
Patch
https://git.kernel.org/stable/c/482d990a5dd1027ee0b70a8a570d56749cac8103
Patch
https://git.kernel.org/stable/c/6c606e57eecc37d6b36d732b1ff7e55b7dc32dd4
Patch