
CVE-2022-48752: Vulnerability in Linux Linux

Medium
Published: Thu Jun 20 2024 (06/20/2024, 11:13:33 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending

Running selftest with CONFIG_PPC_IRQ_SOFT_MASK_DEBUG enabled in kernel triggered below warning:

    [ 172.851380] ------------[ cut here ]------------
    [ 172.851391] WARNING: CPU: 8 PID: 2901 at arch/powerpc/include/asm/hw_irq.h:246 power_pmu_disable+0x270/0x280
    [ 172.851402] Modules linked in: dm_mod bonding nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink sunrpc xfs libcrc32c pseries_rng xts vmx_crypto uio_pdrv_genirq uio sch_fq_codel ip_tables ext4 mbcache jbd2 sd_mod t10_pi sg ibmvscsi ibmveth scsi_transport_srp fuse
    [ 172.851442] CPU: 8 PID: 2901 Comm: lost_exception_ Not tainted 5.16.0-rc5-03218-g798527287598 #2
    [ 172.851451] NIP: c00000000013d600 LR: c00000000013d5a4 CTR: c00000000013b180
    [ 172.851458] REGS: c000000017687860 TRAP: 0700 Not tainted (5.16.0-rc5-03218-g798527287598)
    [ 172.851465] MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 48004884 XER: 20040000
    [ 172.851482] CFAR: c00000000013d5b4 IRQMASK: 1
    [ 172.851482] GPR00: c00000000013d5a4 c000000017687b00 c000000002a10600 0000000000000004
    [ 172.851482] GPR04: 0000000082004000 c0000008ba08f0a8 0000000000000000 00000008b7ed0000
    [ 172.851482] GPR08: 00000000446194f6 0000000000008000 c00000000013b118 c000000000d58e68
    [ 172.851482] GPR12: c00000000013d390 c00000001ec54a80 0000000000000000 0000000000000000
    [ 172.851482] GPR16: 0000000000000000 0000000000000000 c000000015d5c708 c0000000025396d0
    [ 172.851482] GPR20: 0000000000000000 0000000000000000 c00000000a3bbf40 0000000000000003
    [ 172.851482] GPR24: 0000000000000000 c0000008ba097400 c0000000161e0d00 c00000000a3bb600
    [ 172.851482] GPR28: c000000015d5c700 0000000000000001 0000000082384090 c0000008ba0020d8
    [ 172.851549] NIP [c00000000013d600] power_pmu_disable+0x270/0x280
    [ 172.851557] LR [c00000000013d5a4] power_pmu_disable+0x214/0x280
    [ 172.851565] Call Trace:
    [ 172.851568] [c000000017687b00] [c00000000013d5a4] power_pmu_disable+0x214/0x280 (unreliable)
    [ 172.851579] [c000000017687b40] [c0000000003403ac] perf_pmu_disable+0x4c/0x60
    [ 172.851588] [c000000017687b60] [c0000000003445e4] __perf_event_task_sched_out+0x1d4/0x660
    [ 172.851596] [c000000017687c50] [c000000000d1175c] __schedule+0xbcc/0x12a0
    [ 172.851602] [c000000017687d60] [c000000000d11ea8] schedule+0x78/0x140
    [ 172.851608] [c000000017687d90] [c0000000001a8080] sys_sched_yield+0x20/0x40
    [ 172.851615] [c000000017687db0] [c0000000000334dc] system_call_exception+0x18c/0x380
    [ 172.851622] [c000000017687e10] [c00000000000c74c] system_call_common+0xec/0x268

The warning indicates that MSR_EE being set (interrupt enabled) when there was an overflown PMC detected. This could happen in power_pmu_disable since it runs under interrupt soft disable condition (local_irq_save) and not with interrupts hard disabled. commit 2c9ac51b850d ("powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC") intended to clear PMI pending bit in Paca when disabling the PMU. It could happen that PMC gets overflown while code is in power_pmu_disable callback function. Hence add a check to see if PMI pending bit is set in Paca before clearing it via clear_pmi_pending.

AI-Powered Analysis

Last updated: 06/30/2025, 20:26:44 UTC

Technical Analysis

CVE-2022-48752 is a vulnerability identified in the Linux kernel specifically affecting the PowerPC architecture's performance monitoring unit (PMU) handling code. The issue arises in the power_pmu_disable function, which is responsible for disabling the PMU and clearing the performance monitoring interrupt (PMI) pending bit. The vulnerability is due to improper handling of the PMI pending bit when the PMU is disabled. Specifically, the function power_pmu_disable calls clear_pmi_irq_pending unconditionally, without verifying if the PMI pending bit is actually set. This can lead to a warning and potentially unstable behavior because the code runs under a soft interrupt disable condition (local_irq_save) rather than hard interrupt disable, and the PMI pending bit may be set due to an overflow of the performance monitoring counters (PMC) during this time.

The root cause is that the PMC can overflow while the power_pmu_disable callback is executing, and the code does not check the PMI pending bit before clearing it. The fix involves adding a check to ensure the PMI pending bit is set before attempting to clear it, preventing the warning and potential race conditions.

This vulnerability is specific to PowerPC Linux kernels and was identified through kernel self-tests with CONFIG_PPC_IRQ_SOFT_MASK_DEBUG enabled. The issue manifests as kernel warnings and could potentially lead to instability or incorrect PMU behavior. No known exploits are reported in the wild, and the vulnerability does not have an assigned CVSS score. The affected versions are specific Linux kernel commits prior to the fix commit 2c9ac51b850d. This vulnerability is primarily a kernel-level bug affecting performance monitoring on PowerPC systems, which are less common than x86 architectures but still used in certain enterprise and embedded environments.
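The unconditional clear and the checked clear can be compared in a small user-space model. This is an added example, not kernel code or the upstream patch: the struct, the bit values and the helper names other than clear_pmi_irq_pending are constructed for illustration, and it assumes that a PMC overflow taken while soft-masked records the PMI in the paca and leaves MSR_EE clear.

```c
#include <stdio.h>
/* User-space model, not kernel code; bit values are constructed for the model. */
#define MSR_EE       0x8000u  /* interrupts hard-enabled */
#define PACA_IRQ_PMI 0x40u    /* masked PMI recorded as pending */

struct cpu_model {
    unsigned msr;           /* simulated machine state register */
    unsigned irq_happened;  /* simulated paca pending-interrupt bits */
    int warnings;           /* times the debug check fired */
};

/* Assumption: overflow while soft-masked records the PMI and clears MSR_EE. */
static void pmc_overflow_while_soft_masked(struct cpu_model *c)
{
    c->irq_happened |= PACA_IRQ_PMI;
    c->msr &= ~MSR_EE;
}

/* Stand-in for the debug check: clearing with MSR_EE set raises a warning. */
static void clear_pmi_irq_pending(struct cpu_model *c)
{
    if (c->msr & MSR_EE)
        c->warnings++;
    c->irq_happened &= ~PACA_IRQ_PMI;
}

/* fixed == 0: clear unconditionally (before); fixed == 1: clear only if pending. */
static void model_pmu_disable(struct cpu_model *c, int fixed)
{
    if (!fixed || (c->irq_happened & PACA_IRQ_PMI))
        clear_pmi_irq_pending(c);
}

/* Returns warnings raised, or -1 if a PMI is still pending afterwards. */
static int run(int fixed, int overflow)
{
    struct cpu_model c = { .msr = MSR_EE }; /* soft-disabled only: EE still set */
    if (overflow)
        pmc_overflow_while_soft_masked(&c);
    model_pmu_disable(&c, fixed);
    return (c.irq_happened & PACA_IRQ_PMI) ? -1 : c.warnings;
}

int main(void)
{
    printf("before fix: no PMI=%d, PMI pending=%d\n", run(0, 0), run(0, 1));
    printf("after fix:  no PMI=%d, PMI pending=%d\n", run(1, 0), run(1, 1));
    return 0;
}
```

Only the "before fix, no PMI pending" case raises the warning; in both variants a PMI that is pending is still cleared.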

Potential Impact

For European organizations, the impact of CVE-2022-48752 is primarily relevant to those using Linux systems on PowerPC hardware. PowerPC architectures are less prevalent in mainstream enterprise servers and desktops compared to x86_64 but are still used in specialized environments such as telecommunications, embedded systems, networking equipment, and some high-performance computing contexts. The vulnerability could cause kernel warnings and potentially unstable PMU behavior, which might affect performance monitoring and profiling tools. This could hinder system diagnostics, performance tuning, and monitoring, potentially leading to reduced visibility into system health and performance. While the vulnerability does not directly allow privilege escalation or remote code execution, instability in kernel PMU handling could indirectly affect system reliability and availability, especially in critical infrastructure or industrial control systems that rely on PowerPC Linux platforms. European organizations in sectors like telecommunications, automotive, aerospace, and industrial automation that deploy PowerPC-based Linux systems could be impacted. The lack of known exploits reduces immediate risk, but unpatched systems might face operational issues or be more difficult to troubleshoot performance problems. Given the niche hardware affected, the overall impact on the broader European IT landscape is limited but significant for affected organizations.

Mitigation Recommendations

To mitigate CVE-2022-48752, European organizations should:

1) Identify and inventory Linux systems running on PowerPC architecture, focusing on kernel versions and configurations.
2) Apply the official Linux kernel patch that adds the PMI pending bit check before clearing it in power_pmu_disable. This patch is included in kernel commits after 2c9ac51b850d.
3) If immediate patching is not feasible, consider disabling performance monitoring features on affected PowerPC systems to avoid triggering the vulnerable code path, though this reduces monitoring capabilities.
4) Enable and monitor kernel logs for warnings related to power_pmu_disable to detect potential occurrences of the issue.
5) Test kernel updates in a controlled environment before deployment to ensure stability and compatibility.
6) Engage with hardware and Linux distribution vendors to obtain updated kernels or backported patches.
7) For embedded or specialized devices, coordinate with device manufacturers for firmware or kernel updates incorporating the fix.

These steps go beyond generic advice by focusing on architecture-specific identification, patch application, and operational monitoring tailored to the PowerPC Linux environment.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-06-20T11:09:39.057Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe6085

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 8:26:44 PM

Last updated: 8/5/2025, 12:47:00 PM
