CVE-2022-48713: Vulnerability in the Linux kernel

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/pt: Fix crash with stop filters in single-range mode

Add a check for !buf->single before calling pt_buffer_region_size in a place where a missing check can cause a kernel crash. Fixes a bug introduced by commit 670638477aed ("perf/x86/intel/pt: Opportunistically use single range output mode"), which added support for PT single-range output mode. Since that commit, if a PT stop filter range is hit while tracing, the kernel will crash because of a null pointer dereference in pt_handle_status due to calling pt_buffer_region_size without a ToPA configured. The commit which introduced single-range mode guarded almost all uses of the ToPA buffer variables with checks of the buf->single variable, but missed the case where tracing was stopped by the PT hardware, which happens when execution hits a configured stop filter. Tested that hitting a stop filter while PT recording successfully records a trace with this patch but crashes without this patch.
AI Analysis
Technical Summary
CVE-2022-48713 is a vulnerability in the Linux kernel's Intel Processor Trace (PT) driver in the perf subsystem on x86. The defect is a missing check in the code path handling PT single-range output mode, a mode added by commit 670638477aed. In single-range mode the hardware writes to one contiguous region and no Table of Physical Addresses (ToPA) is configured, so the ToPA-related buffer fields are not valid. When execution hits a configured PT stop filter range, the hardware stops tracing and pt_handle_status processes the stop condition; before the fix it called pt_buffer_region_size on that path without first checking buf->single, dereferencing a null pointer and crashing the kernel. The patch adds the missing !buf->single check before the call, so a stop filter hit in single-range mode records the trace normally instead of crashing. Only kernel versions that contain the faulty commit are affected, and only the perf/x86/intel/pt handling of single-range mode together with stop filters. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet.
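The following C program is an added illustration of the bug pattern and its fix; it is not the kernel's own code. It models the PT output buffer with assumed names (pt_buffer, topa_entry, handle_stop_unpatched, handle_stop_patched) and reduces the stop-status logic to the one comparison that matters here: in single-range mode the ToPA entry pointer is NULL, so any helper that dereferences it must be guarded by !buf->single, as the real fix does.

```c
/* Added illustrative model of CVE-2022-48713 (not kernel code). All struct
 * and function names here are assumptions made for the example; the real
 * driver's status handling checks more conditions than modelled. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Model of one ToPA entry: a region of the trace buffer with a size. */
struct topa_entry {
    size_t size;                /* region size in bytes */
};

/* Model of the per-CPU PT output buffer. In single-range mode the hardware
 * writes to one contiguous region and no ToPA table exists, so `cur` stays
 * NULL; only `size` describes the buffer. */
struct pt_buffer {
    bool single;                /* single-range output mode in use */
    struct topa_entry *cur;     /* current ToPA entry (NULL when single) */
    size_t output_off;          /* bytes written into the current region */
    size_t size;                /* total buffer size */
};

/* ToPA-only helper: dereferences the current entry, which exists only when
 * !single. Calling it on a single-range buffer is a NULL dereference. */
static size_t pt_buffer_region_size(const struct pt_buffer *buf)
{
    return buf->cur->size;
}

/* Stop handling as it stood before the fix: the STOPPED path reaches the
 * ToPA-only helper without consulting buf->single. With a single-range
 * buffer this crashes (the kernel oops described in the advisory). */
static bool handle_stop_unpatched(const struct pt_buffer *buf)
{
    return buf->output_off == pt_buffer_region_size(buf);
}

/* Patched stop handling: !buf->single is evaluated first and short-circuits,
 * so the helper never runs without a ToPA. Returns true when the stop landed
 * exactly at a region boundary, the case the driver reports as truncation. */
static bool handle_stop_patched(const struct pt_buffer *buf)
{
    return !buf->single && buf->output_off == pt_buffer_region_size(buf);
}

/* Constructed scenario 1: stop filter hit while in single-range mode.
 * Only the patched path may be called here; the unpatched one would crash. */
bool demo_single_range_stop(void)
{
    struct pt_buffer buf = { .single = true, .cur = NULL,
                             .output_off = 1024, .size = 65536 };
    return handle_stop_patched(&buf);            /* false, and no crash */
}

/* Constructed scenario 2: ToPA mode, stop exactly at the region boundary.
 * Both versions agree, showing the fix changes nothing for ToPA buffers. */
bool demo_topa_stop_at_boundary(void)
{
    struct topa_entry entry = { .size = 4096 };
    struct pt_buffer buf = { .single = false, .cur = &entry,
                             .output_off = 4096, .size = 4096 };
    return handle_stop_patched(&buf) && handle_stop_unpatched(&buf);
}

/* Constructed scenario 3: ToPA mode, stop in the middle of a region. */
bool demo_topa_stop_mid_region(void)
{
    struct topa_entry entry = { .size = 4096 };
    struct pt_buffer buf = { .single = false, .cur = &entry,
                             .output_off = 1000, .size = 4096 };
    return handle_stop_patched(&buf) || handle_stop_unpatched(&buf);
}

int main(void)
{
    printf("single-range stop, patched path: %s\n",
           demo_single_range_stop() ? "truncated" : "ok (no ToPA, no crash)");
    printf("ToPA stop at boundary: %s\n",
           demo_topa_stop_at_boundary() ? "truncated" : "ok");
    printf("ToPA stop mid-region: %s\n",
           demo_topa_stop_mid_region() ? "truncated" : "ok");
    return 0;
}
```

The point of the model is the ordering of the && operands in handle_stop_patched: the cheap mode check must come before any expression that touches ToPA state, which is exactly what the one-line kernel fix enforces.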
Potential Impact
For European organizations relying on Linux systems, especially those using Intel processors and leveraging the perf tool for performance monitoring and tracing, this vulnerability could lead to unexpected kernel crashes. Such crashes can cause system instability, potential denial of service (DoS), and interruptions in critical services. Organizations running production workloads, servers, or embedded systems with affected Linux kernel versions may experience downtime or degraded performance. Although the vulnerability does not appear to allow privilege escalation or data leakage, the availability impact could be significant in environments where uptime and reliability are critical, such as financial institutions, healthcare providers, and industrial control systems. Additionally, kernel crashes can complicate forensic analysis and incident response if they occur during active investigations or monitoring.
Mitigation Recommendations
European organizations should promptly apply the patch that adds the missing buf->single check in the perf/x86/intel/pt subsystem to prevent kernel crashes caused by this vulnerability. Specifically, updating the Linux kernel to a version that includes the fix for CVE-2022-48713 is essential. For environments where immediate patching is not feasible, temporarily disabling Intel PT tracing or avoiding the use of PT stop filters in single-range mode can mitigate the risk of triggering the crash. System administrators should also monitor kernel logs for signs of pt_handle_status crashes and implement robust kernel crash recovery mechanisms. Additionally, organizations should ensure that their performance monitoring tools and scripts are updated to avoid configurations that could trigger this vulnerability. Regular kernel updates and testing in staging environments before deployment will help maintain system stability and security.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-06-20T11:09:39.050Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5f19
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 7:27:44 PM
Last updated: 8/13/2025, 5:49:44 PM
Related Threats
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)
- CVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)