CVE-2022-49214: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Don't use DSISR for SLB faults Since commit 46ddcb3950a2 ("powerpc/mm: Show if a bad page fault on data is read or write.") we use page_fault_is_write(regs->dsisr) in __bad_page_fault() to determine if the fault is for a read or write, and change the message printed accordingly. But SLB faults, aka Data Segment Interrupts, don't set DSISR (Data Storage Interrupt Status Register) to a useful value. All ISA versions from v2.03 through v3.1 specify that the Data Segment Interrupt sets DSISR "to an undefined value". As far as I can see there's no mention of SLB faults setting DSISR in any BookIV content either. This manifests as accesses that should be a read being incorrectly reported as writes, for example, using the xmon "dump" command: 0:mon> d 0x5deadbeef0000000 5deadbeef0000000 [359526.415354][ C6] BUG: Unable to handle kernel data access on write at 0x5deadbeef0000000 [359526.415611][ C6] Faulting instruction address: 0xc00000000010a300 cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf400] pc: c00000000010a300: mread+0x90/0x190 If we disassemble the PC, we see a load instruction: 0:mon> di c00000000010a300 c00000000010a300 89490000 lbz r10,0(r9) We can also see in exceptions-64s.S that the data_access_slb block doesn't set IDSISR=1, which means it doesn't load DSISR into pt_regs. So the value we're using to determine if the fault is a read/write is some stale value in pt_regs from a previous page fault. Rework the printing logic to separate the SLB fault case out, and only print read/write in the cases where we can determine it. The result looks like eg: 0:mon> d 0x5deadbeef0000000 5deadbeef0000000 [ 721.779525][ C6] BUG: Unable to handle kernel data access at 0x5deadbeef0000000 [ 721.779697][ C6] Faulting instruction address: 0xc00000000014cbe0 cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf390] 0:mon> d 0 0000000000000000 [ 742.793242][ C6] BUG: Kernel NULL pointer dereference at 0x00000000 [ 742.793316][ C6] Faulting instruction address: 0xc00000000014cbe0 cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf390]
AI Analysis
Technical Summary
CVE-2022-49214 addresses a vulnerability in the Linux kernel specifically related to the PowerPC 64-bit (powerpc/64s) architecture's handling of Data Segment Interrupts (SLB faults). The issue arises from the kernel's use of the Data Storage Interrupt Status Register (DSISR) to determine whether a page fault was caused by a read or write operation. Since commit 46ddcb3950a2, the kernel uses the DSISR value in the __bad_page_fault() function to differentiate read faults from write faults and adjust the diagnostic messages accordingly. However, for SLB faults, the DSISR register is set to an undefined value according to the PowerPC ISA specifications (versions 2.03 through 3.1), meaning it does not provide reliable information for these faults. This results in incorrect reporting of fault types, such as read accesses being mistakenly reported as writes. The problem manifests in kernel logs and debugging tools (e.g., xmon) showing misleading fault information, which can complicate debugging and fault analysis. The root cause is that the data_access_slb exception handler does not set the IDSISR bit, so DSISR is not loaded into the pt_regs structure, causing stale or incorrect values to be used. The fix involves reworking the kernel's fault reporting logic to treat SLB faults separately and only print read/write fault information when it can be accurately determined. This vulnerability does not appear to allow direct exploitation for privilege escalation or arbitrary code execution but affects the reliability of fault diagnosis on affected PowerPC 64-bit Linux systems. It is a correctness and stability issue in kernel fault handling rather than a direct security bypass or memory corruption flaw. No known exploits are reported in the wild, and the vulnerability is specific to a niche architecture and kernel code path.
Potential Impact
For European organizations, the impact of CVE-2022-49214 is primarily on systems running Linux on PowerPC 64-bit architectures, which are less common than x86_64 but still used in specialized environments such as embedded systems, telecommunications, networking equipment, and certain high-performance computing platforms. The vulnerability affects kernel fault reporting accuracy, which can hinder system administrators and security teams in diagnosing kernel faults and memory access issues. This may delay incident response and troubleshooting efforts, potentially increasing downtime or complicating forensic investigations. However, since the vulnerability does not enable privilege escalation, code execution, or data leakage, the direct risk to confidentiality, integrity, and availability is low. European organizations relying on PowerPC 64-bit Linux systems in critical infrastructure or industrial control systems should be aware of this issue, as misdiagnosed faults could impact system reliability and maintenance. Overall, the threat is limited in scope and impact but relevant for niche deployments and specialized hardware environments.
Mitigation Recommendations
To mitigate CVE-2022-49214, European organizations should: 1) Apply the latest Linux kernel patches that address this issue as soon as they become available from their Linux distribution vendors or upstream kernel sources. 2) For systems running custom or embedded PowerPC 64-bit Linux kernels, integrate the patch that separates SLB fault handling and corrects the DSISR usage in fault reporting. 3) Enhance monitoring and logging practices to correlate kernel fault messages with other system indicators to compensate for any residual ambiguity in fault type reporting. 4) Conduct thorough testing of kernel updates in staging environments to ensure that fault diagnosis tools and debugging workflows function correctly post-patch. 5) Train system administrators and incident responders on the specific characteristics of PowerPC 64-bit fault handling to improve troubleshooting accuracy. 6) Where feasible, consider architectural alternatives or virtualization that reduce reliance on affected PowerPC 64-bit kernels if fault diagnosis reliability is critical. These steps go beyond generic advice by focusing on architecture-specific patching, operational adjustments, and staff preparedness.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
CVE-2022-49214: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Don't use DSISR for SLB faults Since commit 46ddcb3950a2 ("powerpc/mm: Show if a bad page fault on data is read or write.") we use page_fault_is_write(regs->dsisr) in __bad_page_fault() to determine if the fault is for a read or write, and change the message printed accordingly. But SLB faults, aka Data Segment Interrupts, don't set DSISR (Data Storage Interrupt Status Register) to a useful value. All ISA versions from v2.03 through v3.1 specify that the Data Segment Interrupt sets DSISR "to an undefined value". As far as I can see there's no mention of SLB faults setting DSISR in any BookIV content either. This manifests as accesses that should be a read being incorrectly reported as writes, for example, using the xmon "dump" command: 0:mon> d 0x5deadbeef0000000 5deadbeef0000000 [359526.415354][ C6] BUG: Unable to handle kernel data access on write at 0x5deadbeef0000000 [359526.415611][ C6] Faulting instruction address: 0xc00000000010a300 cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf400] pc: c00000000010a300: mread+0x90/0x190 If we disassemble the PC, we see a load instruction: 0:mon> di c00000000010a300 c00000000010a300 89490000 lbz r10,0(r9) We can also see in exceptions-64s.S that the data_access_slb block doesn't set IDSISR=1, which means it doesn't load DSISR into pt_regs. So the value we're using to determine if the fault is a read/write is some stale value in pt_regs from a previous page fault. Rework the printing logic to separate the SLB fault case out, and only print read/write in the cases where we can determine it. The result looks like eg: 0:mon> d 0x5deadbeef0000000 5deadbeef0000000 [ 721.779525][ C6] BUG: Unable to handle kernel data access at 0x5deadbeef0000000 [ 721.779697][ C6] Faulting instruction address: 0xc00000000014cbe0 cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf390] 0:mon> d 0 0000000000000000 [ 742.793242][ C6] BUG: Kernel NULL pointer dereference at 0x00000000 [ 742.793316][ C6] Faulting instruction address: 0xc00000000014cbe0 cpu 0x6: Vector: 380 (Data SLB Access) at [c00000000ffbf390]
AI-Powered Analysis
Technical Analysis
CVE-2022-49214 addresses a vulnerability in the Linux kernel specifically related to the PowerPC 64-bit (powerpc/64s) architecture's handling of Data Segment Interrupts (SLB faults). The issue arises from the kernel's use of the Data Storage Interrupt Status Register (DSISR) to determine whether a page fault was caused by a read or write operation. Since commit 46ddcb3950a2, the kernel uses the DSISR value in the __bad_page_fault() function to differentiate read faults from write faults and adjust the diagnostic messages accordingly. However, for SLB faults, the DSISR register is set to an undefined value according to the PowerPC ISA specifications (versions 2.03 through 3.1), meaning it does not provide reliable information for these faults. This results in incorrect reporting of fault types, such as read accesses being mistakenly reported as writes. The problem manifests in kernel logs and debugging tools (e.g., xmon) showing misleading fault information, which can complicate debugging and fault analysis. The root cause is that the data_access_slb exception handler does not set the IDSISR bit, so DSISR is not loaded into the pt_regs structure, causing stale or incorrect values to be used. The fix involves reworking the kernel's fault reporting logic to treat SLB faults separately and only print read/write fault information when it can be accurately determined. This vulnerability does not appear to allow direct exploitation for privilege escalation or arbitrary code execution but affects the reliability of fault diagnosis on affected PowerPC 64-bit Linux systems. It is a correctness and stability issue in kernel fault handling rather than a direct security bypass or memory corruption flaw. No known exploits are reported in the wild, and the vulnerability is specific to a niche architecture and kernel code path.
Potential Impact
For European organizations, the impact of CVE-2022-49214 is primarily on systems running Linux on PowerPC 64-bit architectures, which are less common than x86_64 but still used in specialized environments such as embedded systems, telecommunications, networking equipment, and certain high-performance computing platforms. The vulnerability affects kernel fault reporting accuracy, which can hinder system administrators and security teams in diagnosing kernel faults and memory access issues. This may delay incident response and troubleshooting efforts, potentially increasing downtime or complicating forensic investigations. However, since the vulnerability does not enable privilege escalation, code execution, or data leakage, the direct risk to confidentiality, integrity, and availability is low. European organizations relying on PowerPC 64-bit Linux systems in critical infrastructure or industrial control systems should be aware of this issue, as misdiagnosed faults could impact system reliability and maintenance. Overall, the threat is limited in scope and impact but relevant for niche deployments and specialized hardware environments.
Mitigation Recommendations
To mitigate CVE-2022-49214, European organizations should: 1) Apply the latest Linux kernel patches that address this issue as soon as they become available from their Linux distribution vendors or upstream kernel sources. 2) For systems running custom or embedded PowerPC 64-bit Linux kernels, integrate the patch that separates SLB fault handling and corrects the DSISR usage in fault reporting. 3) Enhance monitoring and logging practices to correlate kernel fault messages with other system indicators to compensate for any residual ambiguity in fault type reporting. 4) Conduct thorough testing of kernel updates in staging environments to ensure that fault diagnosis tools and debugging workflows function correctly post-patch. 5) Train system administrators and incident responders on the specific characteristics of PowerPC 64-bit fault handling to improve troubleshooting accuracy. 6) Where feasible, consider architectural alternatives or virtualization that reduce reliance on affected PowerPC 64-bit kernels if fault diagnosis reliability is critical. These steps go beyond generic advice by focusing on architecture-specific patching, operational adjustments, and staff preparedness.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-02-26T01:49:39.292Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982dc4522896dcbe52c1
Added to database: 5/21/2025, 9:09:01 AM
Last enriched: 6/30/2025, 4:24:57 AM
Last updated: 8/3/2025, 4:17:39 PM
Views: 13
Related Threats
CVE-2025-9099: Unrestricted Upload in Acrel Environmental Monitoring Cloud Platform
MediumCVE-2025-9098: Improper Export of Android Application Components in Elseplus File Recovery App
MediumCVE-2025-31715: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Unisoc (Shanghai) Technologies Co., Ltd. SL8521E/SL8521ET/ SL8541E/UIS8141E/UWS6137/UWS6137E/UWS6151(E)/UWS6152
CriticalCVE-2025-31714: CWE-20 Improper Input Validation in Unisoc (Shanghai) Technologies Co., Ltd. SL8521E/SL8521ET/ SL8541E/UIS8141E/UWS6137/UWS6137E/UWS6151(E)/UWS6152
MediumCVE-2025-31713: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Unisoc (Shanghai) Technologies Co., Ltd. SL8521E/SL8521ET/ SL8541E/UIS8141E/UWS6137/UWS6137E/UWS6151(E)/UWS6152
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.