CVE-2022-49090: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved:

arch/arm64: Fix topology initialization for core scheduling

Arm64 systems rely on store_cpu_topology() to call update_siblings_masks() to transfer the topology to the various cpu masks. This needs to be done before the call to notify_cpu_starting() which tells the scheduler about each cpu found, otherwise the core scheduling data structures are setup in a way that does not match the actual topology.

With smt_mask not setup correctly we bail on `cpumask_weight(smt_mask) == 1` for !leaders in:

  notify_cpu_starting()
    cpuhp_invoke_callback_range()
      sched_cpu_starting()
        sched_core_cpu_starting()

which leads to rq->core not being correctly set for !leader-rq's.

Without this change stress-ng (which enables core scheduling in its prctl tests in newer versions -- i.e. with PR_SCHED_CORE support) causes a warning and then a crash (trimmed for legibility):

[ 1853.805168] ------------[ cut here ]------------
[ 1853.809784] task_rq(b)->core != rq->core
[ 1853.809792] WARNING: CPU: 117 PID: 0 at kernel/sched/fair.c:11102 cfs_prio_less+0x1b4/0x1c4
...
[ 1854.015210] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
...
[ 1854.231256] Call trace:
[ 1854.233689]  pick_next_task+0x3dc/0x81c
[ 1854.237512]  __schedule+0x10c/0x4cc
[ 1854.240988]  schedule_idle+0x34/0x54
AI Analysis
Technical Summary
CVE-2022-49090 is a vulnerability in the Linux kernel affecting the ARM64 architecture's core scheduling topology initialization. The flaw is an ordering error: store_cpu_topology(), which calls update_siblings_masks() to populate the per-CPU sibling masks, was not run before notify_cpu_starting() told the scheduler about each newly started CPU. At that point the SMT (Simultaneous Multi-Threading) mask of the starting CPU still contains only the CPU itself, so sched_core_cpu_starting() takes its "first CPU in the core" path and the scheduler's view of the topology no longer matches the hardware. The result is that the runqueue's core pointer (rq->core) is not assigned to the leader for non-leader CPUs. When core scheduling is enabled, as in stress-ng's prctl tests using PR_SCHED_CORE, this inconsistency triggers the kernel warning quoted above and then a kernel crash from a NULL pointer dereference in the fair scheduler path (cfs_prio_less(), pick_next_task(), schedule_idle()). The vulnerability therefore causes system instability and denial of service on affected ARM64 Linux systems. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The issue was resolved by reordering the topology initialization so that the SMT masks are filled in before the scheduler is notified of CPU startup.
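To make the ordering problem in the description and the summary above concrete, the following user-space C model (an added example, not the kernel's code) mirrors the leader election in sched_core_cpu_starting() and brings up the CPUs once with the sibling masks filled in before the scheduler is notified and once after. The 4-CPU topology, the online[] array and the bring_up() harness are constructed assumptions for the model.

```c
#include <stdbool.h>
/* Added example (not kernel code): model of the sched_core_cpu_starting()
 * leader election from the CVE text, run in both bring-up orders.
 * Constructed topology: 4 CPUs, SMT cores {0,1} and {2,3}. */
#define NR_CPUS 4
struct rq { struct rq *core; };              /* rq->core: the core's leader rq */
static struct rq rqs[NR_CPUS];
static bool online[NR_CPUS];
static unsigned smt_mask[NR_CPUS];           /* cpu_smt_mask(cpu) as a bitmask */
static const unsigned real_siblings[NR_CPUS] = { 0x3, 0x3, 0xc, 0xc };
static void reset(void) {                    /* sched_init()/reset_cpu_topology() */
    for (int c = 0; c < NR_CPUS; c++) {
        rqs[c].core = &rqs[c]; online[c] = false; /* every rq starts as its own leader */
        smt_mask[c] = 1u << c;               /* sibling mask holds only itself */
    }
}
/* store_cpu_topology() -> update_siblings_masks(): link cpu with its
 * already-online siblings, in both directions. */
static void store_cpu_topology(int cpu) {
    for (int t = 0; t < NR_CPUS; t++)
        if (online[t] && (real_siblings[cpu] & (1u << t))) {
            smt_mask[cpu] |= 1u << t;
            smt_mask[t] |= 1u << cpu;
        }
}
/* sched_core_cpu_starting(): a one-bit mask means "first in the core, lead
 * yourself"; otherwise adopt the sibling that already leads. */
static void sched_core_cpu_starting(int cpu) {
    if (__builtin_popcount(smt_mask[cpu]) == 1) return; /* the bail-out the CVE text names */
    for (int t = 0; t < NR_CPUS; t++)
        if (t != cpu && (smt_mask[cpu] & (1u << t)) && rqs[t].core == &rqs[t]) {
            rqs[cpu].core = &rqs[t];
            return;
        }
}
/* Bring CPUs up in order; true if every pair of real siblings shares one
 * rq->core, the invariant behind the "task_rq(b)->core != rq->core" warning. */
static bool bring_up(bool topology_first) {
    reset();
    for (int cpu = 0; cpu < NR_CPUS; cpu++) {
        if (topology_first) store_cpu_topology(cpu);
        sched_core_cpu_starting(cpu);           /* reached via notify_cpu_starting() */
        if (!topology_first) store_cpu_topology(cpu);
        online[cpu] = true;
    }
    for (int c = 0; c < NR_CPUS; c++)
        for (int t = 0; t < NR_CPUS; t++)
            if ((real_siblings[c] & (1u << t)) && rqs[c].core != rqs[t].core)
                return false;
    return true;
}
```

With the fixed order bring_up(true) reports a consistent topology; with the pre-fix order every CPU sees a one-bit mask, stays its own leader, and bring_up(false) reports the sibling mismatch the kernel warns about.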
Potential Impact
For European organizations running ARM64-based Linux systems, particularly those utilizing core scheduling features, this vulnerability can lead to unexpected kernel crashes and system instability. This can disrupt critical services, especially in environments relying on ARM64 servers or embedded systems such as telecommunications infrastructure, cloud providers, and edge computing nodes. The denial of service caused by kernel panics could affect availability of applications and services, potentially leading to operational downtime and loss of productivity. Since the flaw is in the kernel scheduler, it may also impact performance and reliability of multi-threaded workloads. Although no direct exploitation for privilege escalation or data breach is indicated, the instability risk alone is significant for production environments. Organizations using ARM64 Linux kernels in data centers or critical infrastructure should prioritize patching to maintain service continuity.
Mitigation Recommendations
Organizations should promptly apply the official Linux kernel patches that reorder the topology initialization sequence so that SMT masks are set before the CPU startup notification reaches the scheduler; updating to a stable kernel version that includes this fix is the primary remedy. Where immediate patching is not possible, temporarily disabling core scheduling (the feature exercised via PR_SCHED_CORE) avoids the crash path. ARM64 systems should be load-tested with core scheduling enabled to detect any instability. Monitoring kernel logs for the warning quoted in the description (task_rq(b)->core != rq->core from cfs_prio_less()) and for core-scheduling related warnings gives an early indicator of this issue. Finally, organizations should maintain an up-to-date inventory of ARM64 Linux systems and ensure that automated patch management covers kernel updates to reduce exposure time.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T01:49:39.249Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982fc4522896dcbe6b0c
Added to database: 5/21/2025, 9:09:03 AM
Last enriched: 7/1/2025, 2:09:44 AM
Last updated: 7/25/2025, 5:16:24 PM
Views: 10