CVE-2022-48762: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will contain EX_TYPE_LOAD_UNALIGNED_ZEROPAD (i.e. 4): * We'll always treat X0 as the address register, since EX_DATA_REG_ADDR is extracted from bits [9:5]. Thus, we may attempt to dereference an arbitrary address as X0 may hold an arbitrary value. * We'll always treat X4 as the data register, since EX_DATA_REG_DATA is extracted from bits [4:0]. Thus we will corrupt X4 and cause arbitrary behaviour within load_unaligned_zeropad() and its caller. Fix this by extracting both values from ex->data as originally intended. On an MTE-enabled QEMU image we are hitting the following crash: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: fixup_exception+0xc4/0x108 __do_kernel_fault+0x3c/0x268 do_tag_check_fault+0x3c/0x104 do_mem_abort+0x44/0xf4 el1_abort+0x40/0x64 el1h_64_sync_handler+0x60/0xa0 el1h_64_sync+0x7c/0x80 link_path_walk+0x150/0x344 path_openat+0xa0/0x7dc do_filp_open+0xb8/0x168 do_sys_openat2+0x88/0x17c __arm64_sys_openat+0x74/0xa0 invoke_syscall+0x48/0x148 el0_svc_common+0xb8/0xf8 do_el0_svc+0x28/0x88 el0_svc+0x24/0x84 el0t_64_sync_handler+0x88/0xec el0t_64_sync+0x1b4/0x1b8 Code: f8695a69 71007d1f 540000e0 927df12a (f940014a)
AI Analysis
Technical Summary
CVE-2022-48762 is a vulnerability identified in the Linux kernel specifically affecting the ARM64 architecture's exception handling code related to load_unaligned_zeropad operations. The flaw arises from incorrect extraction of register indices within the ex_handler_load_unaligned_zeropad() function. Instead of extracting the data and address register indices from the correct field (ex->data), the code erroneously extracts them from ex->type. Since ex->type contains a fixed value (EX_TYPE_LOAD_UNALIGNED_ZEROPAD = 4), this leads to the function always treating register X0 as the address register and X4 as the data register regardless of their actual intended values. Consequently, this can cause the kernel to dereference an arbitrary address stored in X0, potentially leading to a NULL pointer dereference or other arbitrary memory accesses. Additionally, register X4 may be corrupted, causing unpredictable behavior in the kernel and its callers. This issue is particularly observable on MTE-enabled QEMU images, where it triggers kernel crashes due to invalid memory accesses. The vulnerability has been fixed by correcting the code to extract register indices from ex->data as originally intended. The CVSS v3.1 base score is 6.2 (medium severity), with an attack vector of local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H) due to potential kernel crashes. No known exploits are currently reported in the wild. The affected Linux kernel versions include the commit 753b32368705c396000f95f33c3b7018474e33ad. This vulnerability is relevant primarily to ARM64 Linux kernel deployments, especially those using MTE (Memory Tagging Extension) features or running on ARM64 QEMU emulation environments.
Potential Impact
For European organizations, the impact of CVE-2022-48762 depends largely on their use of ARM64-based Linux systems. Enterprises and service providers deploying ARM64 servers, embedded devices, or development environments with MTE-enabled kernels could experience system instability or denial of service due to kernel crashes triggered by this vulnerability. The availability impact is significant as kernel crashes can lead to service interruptions, affecting critical infrastructure, cloud services, or embedded systems. Although the vulnerability does not directly compromise confidentiality or integrity, the resulting denial of service could disrupt business operations, especially in sectors relying on ARM64 hardware such as telecommunications, automotive, IoT, and edge computing. Organizations using ARM64 QEMU for development or testing might also face instability. Since exploitation requires local access and no user interaction, the threat is more relevant to insider threats or attackers who have already gained some level of system access. The lack of known exploits in the wild reduces immediate risk, but the medium severity score and potential for availability disruption warrant timely patching to maintain operational continuity.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the fix for CVE-2022-48762. Specifically, they should apply the patch correcting the register index extraction in ex_handler_load_unaligned_zeropad(). For environments using ARM64 hardware with MTE enabled, thorough testing of kernel updates is recommended to ensure stability. Organizations should also audit their use of ARM64 Linux systems, identifying any exposed or critical systems running vulnerable kernel versions. Limiting local access to trusted users and enforcing strict access controls can reduce the risk of exploitation. Additionally, monitoring kernel logs for signs of NULL pointer dereferences or unexpected crashes can help detect attempts to trigger this vulnerability. For development environments using QEMU with ARM64 emulation, updating QEMU and kernel images to patched versions is advised. Finally, integrating this vulnerability into vulnerability management and patching workflows ensures timely remediation and reduces exposure.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark
CVE-2022-48762: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will contain EX_TYPE_LOAD_UNALIGNED_ZEROPAD (i.e. 4): * We'll always treat X0 as the address register, since EX_DATA_REG_ADDR is extracted from bits [9:5]. Thus, we may attempt to dereference an arbitrary address as X0 may hold an arbitrary value. * We'll always treat X4 as the data register, since EX_DATA_REG_DATA is extracted from bits [4:0]. Thus we will corrupt X4 and cause arbitrary behaviour within load_unaligned_zeropad() and its caller. Fix this by extracting both values from ex->data as originally intended. On an MTE-enabled QEMU image we are hitting the following crash: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: fixup_exception+0xc4/0x108 __do_kernel_fault+0x3c/0x268 do_tag_check_fault+0x3c/0x104 do_mem_abort+0x44/0xf4 el1_abort+0x40/0x64 el1h_64_sync_handler+0x60/0xa0 el1h_64_sync+0x7c/0x80 link_path_walk+0x150/0x344 path_openat+0xa0/0x7dc do_filp_open+0xb8/0x168 do_sys_openat2+0x88/0x17c __arm64_sys_openat+0x74/0xa0 invoke_syscall+0x48/0x148 el0_svc_common+0xb8/0xf8 do_el0_svc+0x28/0x88 el0_svc+0x24/0x84 el0t_64_sync_handler+0x88/0xec el0t_64_sync+0x1b4/0x1b8 Code: f8695a69 71007d1f 540000e0 927df12a (f940014a)
AI-Powered Analysis
Technical Analysis
CVE-2022-48762 is a vulnerability identified in the Linux kernel specifically affecting the ARM64 architecture's exception handling code related to load_unaligned_zeropad operations. The flaw arises from incorrect extraction of register indices within the ex_handler_load_unaligned_zeropad() function. Instead of extracting the data and address register indices from the correct field (ex->data), the code erroneously extracts them from ex->type. Since ex->type contains a fixed value (EX_TYPE_LOAD_UNALIGNED_ZEROPAD = 4), this leads to the function always treating register X0 as the address register and X4 as the data register regardless of their actual intended values. Consequently, this can cause the kernel to dereference an arbitrary address stored in X0, potentially leading to a NULL pointer dereference or other arbitrary memory accesses. Additionally, register X4 may be corrupted, causing unpredictable behavior in the kernel and its callers. This issue is particularly observable on MTE-enabled QEMU images, where it triggers kernel crashes due to invalid memory accesses. The vulnerability has been fixed by correcting the code to extract register indices from ex->data as originally intended. The CVSS v3.1 base score is 6.2 (medium severity), with an attack vector of local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H) due to potential kernel crashes. No known exploits are currently reported in the wild. The affected Linux kernel versions include the commit 753b32368705c396000f95f33c3b7018474e33ad. This vulnerability is relevant primarily to ARM64 Linux kernel deployments, especially those using MTE (Memory Tagging Extension) features or running on ARM64 QEMU emulation environments.
Potential Impact
For European organizations, the impact of CVE-2022-48762 depends largely on their use of ARM64-based Linux systems. Enterprises and service providers deploying ARM64 servers, embedded devices, or development environments with MTE-enabled kernels could experience system instability or denial of service due to kernel crashes triggered by this vulnerability. The availability impact is significant as kernel crashes can lead to service interruptions, affecting critical infrastructure, cloud services, or embedded systems. Although the vulnerability does not directly compromise confidentiality or integrity, the resulting denial of service could disrupt business operations, especially in sectors relying on ARM64 hardware such as telecommunications, automotive, IoT, and edge computing. Organizations using ARM64 QEMU for development or testing might also face instability. Since exploitation requires local access and no user interaction, the threat is more relevant to insider threats or attackers who have already gained some level of system access. The lack of known exploits in the wild reduces immediate risk, but the medium severity score and potential for availability disruption warrant timely patching to maintain operational continuity.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the fix for CVE-2022-48762. Specifically, they should apply the patch correcting the register index extraction in ex_handler_load_unaligned_zeropad(). For environments using ARM64 hardware with MTE enabled, thorough testing of kernel updates is recommended to ensure stability. Organizations should also audit their use of ARM64 Linux systems, identifying any exposed or critical systems running vulnerable kernel versions. Limiting local access to trusted users and enforcing strict access controls can reduce the risk of exploitation. Additionally, monitoring kernel logs for signs of NULL pointer dereferences or unexpected crashes can help detect attempts to trigger this vulnerability. For development environments using QEMU with ARM64 emulation, updating QEMU and kernel images to patched versions is advised. Finally, integrating this vulnerability into vulnerability management and patching workflows ensures timely remediation and reduces exposure.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-06-20T11:09:39.060Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d982ec4522896dcbe60cf
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 8:42:58 PM
Last updated: 8/16/2025, 11:09:33 PM
Views: 15
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.