
CVE-2022-48845: Vulnerability in Linux Linux

Medium
Published: Tue Jul 16 2024 (07/16/2024, 12:25:14 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

MIPS: smp: fill in sibling and core maps earlier

After enabling CONFIG_SCHED_CORE (landed during 5.14 cycle), 2-core 2-thread-per-core interAptiv (CPS-driven) started emitting the following:

    [ 0.025698] CPU1 revision is: 0001a120 (MIPS interAptiv (multi))
    [ 0.048183] ------------[ cut here ]------------
    [ 0.048187] WARNING: CPU: 1 PID: 0 at kernel/sched/core.c:6025 sched_core_cpu_starting+0x198/0x240
    [ 0.048220] Modules linked in:
    [ 0.048233] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.17.0-rc3+ #35 b7b319f24073fd9a3c2aa7ad15fb7993eec0b26f
    [ 0.048247] Stack : 817f0000 00000004 327804c8 810eb050 00000000 00000004 00000000 c314fdd1
    [ 0.048278] 830cbd64 819c0000 81800000 817f0000 83070bf4 00000001 830cbd08 00000000
    [ 0.048307] 00000000 00000000 815fcbc4 00000000 00000000 00000000 00000000 00000000
    [ 0.048334] 00000000 00000000 00000000 00000000 817f0000 00000000 00000000 817f6f34
    [ 0.048361] 817f0000 818a3c00 817f0000 00000004 00000000 00000000 4dc33260 0018c933
    [ 0.048389] ...
    [ 0.048396] Call Trace:
    [ 0.048399] [<8105a7bc>] show_stack+0x3c/0x140
    [ 0.048424] [<8131c2a0>] dump_stack_lvl+0x60/0x80
    [ 0.048440] [<8108b5c0>] __warn+0xc0/0xf4
    [ 0.048454] [<8108b658>] warn_slowpath_fmt+0x64/0x10c
    [ 0.048467] [<810bd418>] sched_core_cpu_starting+0x198/0x240
    [ 0.048483] [<810c6514>] sched_cpu_starting+0x14/0x80
    [ 0.048497] [<8108c0f8>] cpuhp_invoke_callback_range+0x78/0x140
    [ 0.048510] [<8108d914>] notify_cpu_starting+0x94/0x140
    [ 0.048523] [<8106593c>] start_secondary+0xbc/0x280
    [ 0.048539]
    [ 0.048543] ---[ end trace 0000000000000000 ]---
    [ 0.048636] Synchronize counters for CPU 1: done.

...for each but CPU 0/boot.

Basic debug printks right before the mentioned line say:

    [ 0.048170] CPU: 1, smt_mask:

So smt_mask, which is sibling mask obviously, is empty when entering the function.

This is critical, as sched_core_cpu_starting() calculates core-scheduling parameters only once per CPU start, and it's crucial to have all the parameters filled in at that moment (at least it uses cpu_smt_mask() which in fact is `&cpu_sibling_map[cpu]` on MIPS).

A bit of debugging led me to that set_cpu_sibling_map() performing the actual map calculation, was being invoked after notify_cpu_start(), and exactly the latter function starts CPU HP callback round (sched_core_cpu_starting() is basically a CPU HP callback).

While the flow is same on ARM64 (maps after the notifier, although before calling set_cpu_online()), x86 started calculating sibling maps earlier than starting the CPU HP callbacks in Linux 4.14 (see [0] for the reference). Neither I nor my brief tests could find any potential caveats in calculating the maps right after performing delay calibration, but the WARN splat is now gone.

The very same debug prints now yield exactly what I expected from them:

    [ 0.048433] CPU: 1, smt_mask: 0-1

[0] https://git.kernel.org/pub/scm/linux/kernel/git/mips/linux.git/commit/?id=76ce7cfe35ef

AI-Powered Analysis

Last updated: 06/30/2025, 22:40:50 UTC

Technical Analysis

CVE-2022-48845 is a vulnerability identified in the Linux kernel specifically affecting the MIPS architecture with the CONFIG_SCHED_CORE scheduler feature enabled. The issue arises from the improper initialization timing of CPU sibling and core maps during CPU startup sequences. In affected kernel versions, the sibling mask (smt_mask), which represents the logical CPUs sharing the same physical core, is left empty when the sched_core_cpu_starting() function is invoked. This function is responsible for calculating core-scheduling parameters and is triggered as a CPU hotplug callback during CPU startup. The root cause is that the set_cpu_sibling_map() function, which populates the sibling map, is called after notify_cpu_start(), whereas sched_core_cpu_starting() expects this data to be available beforehand. This results in warnings and potential misbehavior in CPU scheduling on multi-core, multi-threaded MIPS processors, particularly those using the interAptiv architecture. The flaw was introduced after enabling CONFIG_SCHED_CORE in kernel version 5.14 and manifests as kernel warnings and potential instability during CPU initialization. The fix involves adjusting the order of sibling map initialization to occur earlier in the CPU startup process, ensuring that sched_core_cpu_starting() has accurate sibling information. This vulnerability is specific to MIPS architectures with certain CPU topologies and scheduler configurations and does not affect other architectures like x86 or ARM64, which handle sibling map initialization differently. No known exploits are reported in the wild, and the vulnerability primarily causes kernel warnings and potential CPU scheduling misconfigurations rather than direct security breaches.

Potential Impact

For European organizations, the impact of CVE-2022-48845 is relatively limited due to the niche nature of the affected platform—MIPS architecture CPUs with CONFIG_SCHED_CORE enabled in the Linux kernel. Most mainstream servers, desktops, and cloud infrastructure in Europe run on x86_64 or ARM architectures, which are not affected by this issue. However, organizations using embedded systems, network appliances, or specialized industrial control systems based on MIPS processors could experience kernel instability or degraded CPU scheduling performance. This could lead to reduced system reliability or availability in critical infrastructure or telecommunications equipment. Although no direct security exploit is known, the vulnerability could indirectly affect system integrity by causing unexpected CPU behavior or kernel panics during CPU hotplug events or system boot. This might impact sectors relying on MIPS-based embedded Linux devices, such as telecommunications providers, industrial automation firms, or certain IoT deployments prevalent in Europe. Overall, the threat to confidentiality and integrity is low, but availability and system stability could be moderately impacted in affected environments.

Mitigation Recommendations

To mitigate CVE-2022-48845, organizations should:

1) Apply the latest Linux kernel patches that reorder the initialization of CPU sibling maps to occur before CPU hotplug callbacks, ensuring CONFIG_SCHED_CORE functionality operates correctly.
2) For embedded or specialized MIPS-based systems, coordinate with hardware and OS vendors to obtain updated firmware or kernel versions incorporating this fix.
3) Disable CONFIG_SCHED_CORE if not required, as this scheduler feature is the trigger for the vulnerability.
4) Implement rigorous testing of kernel updates in staging environments for MIPS-based devices to detect any CPU startup or scheduling anomalies before production deployment.
5) Monitor kernel logs for warnings related to sched_core_cpu_starting or CPU sibling map initialization to detect potential residual issues.
6) Maintain inventory of MIPS-based Linux systems within the organization to assess exposure and prioritize patching.

These steps go beyond generic advice by focusing on architecture-specific configurations and emphasizing proactive vendor coordination and monitoring tailored to embedded and specialized Linux deployments.
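One way to automate the log monitoring and exposure checks from the recommendations above, as an added example that is not part of the advisory or the kernel sources. The function names are hypothetical, and the caller is assumed to supply dmesg output, the `uname -m` string and the kernel config as text.

```python
import re

# Constructed sample: the first splat follows the one quoted in the description;
# the second splat is invented to show that unrelated WARNs are ignored.
SAMPLE_DMESG = """\
[    0.048183] ------------[ cut here ]------------
[    0.048187] WARNING: CPU: 1 PID: 0 at kernel/sched/core.c:6025 sched_core_cpu_starting+0x198/0x240
[    0.048396] Call Trace:
[    0.048467] [<810bd418>] sched_core_cpu_starting+0x198/0x240
[    0.048523] [<8108d914>] notify_cpu_starting+0x94/0x140
[    0.048543] ---[ end trace 0000000000000000 ]---
[    1.000000] ------------[ cut here ]------------
[    1.000001] WARNING: CPU: 0 PID: 1 at drivers/example/foo.c:10 example_probe+0x10/0x20
[    1.000002] ---[ end trace 0000000000000000 ]---
"""

# Matches only WARNs raised from sched_core_cpu_starting(); captures the CPU number.
WARN_RE = re.compile(r"WARNING: CPU: (\d+) PID: \d+ at \S+:\d+ sched_core_cpu_starting\+")

def find_startup_splats(dmesg_text):
    """Return one dict per WARN splat raised in sched_core_cpu_starting()."""
    splats, cur = [], None
    for line in dmesg_text.splitlines():
        if "[ cut here ]" in line:              # a new splat begins
            cur = {"cpu": None, "hotplug_path": False}
        elif cur is not None:
            m = WARN_RE.search(line)
            if m:
                cur["cpu"] = int(m.group(1))
            if "notify_cpu_starting+" in line:  # reached via the CPU hotplug callbacks
                cur["hotplug_path"] = True
            if "end trace" in line:             # splat ends; keep it only if it matched
                if cur["cpu"] is not None:
                    splats.append(cur)
                cur = None
    return splats

def sched_core_enabled(config_text):
    """True if the kernel config text contains an active CONFIG_SCHED_CORE=y line."""
    return re.search(r"^CONFIG_SCHED_CORE=y\s*$", config_text, re.M) is not None

def is_exposed(machine, config_text):
    """Exposure as the advisory describes it: a MIPS kernel built with CONFIG_SCHED_CORE."""
    return machine.lower().startswith("mips") and sched_core_enabled(config_text)
```

A splat with `hotplug_path` set on a secondary CPU matches the boot-time pattern in the description; `is_exposed()` only reports configuration and does not tell whether the fix has been applied.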


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-07-16T11:38:08.911Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe6364

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 6/30/2025, 10:40:50 PM

Last updated: 7/25/2025, 10:08:48 PM
