CVE-2022-49565: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:23:11 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/lbr: Fix unchecked MSR access error on HSW

The fuzzer triggers the below trace.

    [ 7763.384369] unchecked MSR access error: WRMSR to 0x689 (tried to write 0x1fffffff8101349e) at rIP: 0xffffffff810704a4 (native_write_msr+0x4/0x20)
    [ 7763.397420] Call Trace:
    [ 7763.399881] <TASK>
    [ 7763.401994] intel_pmu_lbr_restore+0x9a/0x1f0
    [ 7763.406363] intel_pmu_lbr_sched_task+0x91/0x1c0
    [ 7763.410992] __perf_event_task_sched_in+0x1cd/0x240

On a machine with the LBR format LBR_FORMAT_EIP_FLAGS2, when the TSX is disabled, a TSX quirk is required to access LBR from registers. The lbr_from_signext_quirk_needed() is introduced to determine whether the TSX quirk should be applied. However, the lbr_from_signext_quirk_needed() is invoked before the intel_pmu_lbr_init(), which parses the LBR format information. Without the correct LBR format information, the TSX quirk is never applied.

Move the lbr_from_signext_quirk_needed() into the intel_pmu_lbr_init(). Checking x86_pmu.lbr_has_tsx in the lbr_from_signext_quirk_needed() is not required anymore.

Both LBR_FORMAT_EIP_FLAGS2 and LBR_FORMAT_INFO have LBR_TSX flag, but only the LBR_FORMAT_EIP_FLAGS2 requires the quirk. Update the comments accordingly.

AI-Powered Analysis

Last updated: 06/29/2025, 22:27:16 UTC

Technical Analysis

CVE-2022-49565 is a vulnerability identified in the Linux kernel's performance monitoring unit (PMU) subsystem, specifically related to the Intel Last Branch Record (LBR) feature on x86 architectures. The issue arises from improper handling of Model-Specific Register (MSR) access errors when the Transactional Synchronization Extensions (TSX) feature is disabled on certain Intel processors using the LBR format LBR_FORMAT_EIP_FLAGS2.

The vulnerability is due to a timing and logic flaw in the initialization sequence of the LBR handling code. The function lbr_from_signext_quirk_needed(), which determines if a TSX-specific quirk is required to correctly access LBR registers, is called before the intel_pmu_lbr_init() function that parses the LBR format information. Because the LBR format information is not yet available, the TSX quirk is never applied when it should be, leading to unchecked MSR access errors such as WRMSR to MSR address 0x689 with invalid data. This can cause kernel warnings or errors, potentially leading to instability or denial of service conditions.

The fix involves moving the call to lbr_from_signext_quirk_needed() into the intel_pmu_lbr_init() function to ensure the quirk is applied only when appropriate, and updating the logic to no longer check the x86_pmu.lbr_has_tsx flag unnecessarily. This vulnerability is specific to Intel processors with the affected LBR format and TSX disabled, and impacts Linux kernel versions containing the flawed code. No known exploits are reported in the wild at this time.

Potential Impact

For European organizations running Linux on Intel-based servers or workstations, this vulnerability could lead to kernel instability or crashes when performance monitoring features are used, especially in environments that disable TSX for security or compatibility reasons. While it does not directly allow privilege escalation or remote code execution, the resulting kernel errors could disrupt critical services or monitoring tools that rely on PMU data, potentially causing denial of service. Organizations with high-reliability requirements or those using performance monitoring for security analytics might experience degraded operational effectiveness. The impact is more pronounced in environments that heavily utilize Intel PMU features or custom kernel builds with specific configurations. Since no known exploits exist, the immediate risk is low, but unpatched systems remain vulnerable to potential future exploitation or accidental triggering of the bug.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2022-49565. Kernel maintainers have fixed the issue by adjusting the initialization sequence of the LBR handling code. Until patches are applied, administrators can consider temporarily disabling performance monitoring features related to Intel PMU or LBR on affected systems, especially if TSX is disabled, to avoid triggering the vulnerability. Monitoring kernel logs for unchecked MSR access errors can help identify affected systems. Additionally, organizations should review their kernel configuration and boot parameters to ensure TSX is enabled if compatible, as this may mitigate the quirk requirement. For environments where kernel updates are delayed, isolating affected systems or limiting access to reduce impact of potential instability is advisable. Close coordination with hardware vendors and Linux distribution maintainers is recommended to obtain timely patches and guidance.
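The log monitoring suggested above can be automated. The following is an added example, not part of the advisory or the kernel patch: it scans kernel log text for "unchecked MSR access error" entries and reports whether the call trace passes through the intel_pmu_lbr_* functions named in the description. The sample input is the trace quoted in the description plus one constructed unrelated line; the function names find_msr_errors and lbr_related are hypothetical.

```python
import re

# Sample input: the trace from the description above, followed by one
# constructed, unrelated kernel log line that must be ignored.
SAMPLE_LOG = """\
[ 7763.384369] unchecked MSR access error: WRMSR to 0x689 (tried to write 0x1fffffff8101349e) at rIP: 0xffffffff810704a4 (native_write_msr+0x4/0x20)
[ 7763.397420] Call Trace:
[ 7763.399881]  <TASK>
[ 7763.401994]  intel_pmu_lbr_restore+0x9a/0x1f0
[ 7763.406363]  intel_pmu_lbr_sched_task+0x91/0x1c0
[ 7763.410992]  __perf_event_task_sched_in+0x1cd/0x240
[ 7764.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg timestamp prefix
ERROR = re.compile(
    r"unchecked MSR access error: (WRMSR|RDMSR) (?:to|from) (0x[0-9a-fA-F]+)")
FRAME = re.compile(r"^\??\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def find_msr_errors(log_text):
    """Return one dict per unchecked-MSR error with its call-trace symbols."""
    events, current = [], None
    for raw in log_text.splitlines():
        line = STAMP.sub("", raw).strip()
        m = ERROR.search(line)
        if m:
            current = {"op": m.group(1), "msr": int(m.group(2), 16), "frames": []}
            events.append(current)
            continue
        if current is None or line in ("Call Trace:", "<TASK>", "</TASK>"):
            continue
        f = FRAME.match(line)
        if f:
            current["frames"].append(f.group(1))
        else:
            current = None  # first non-frame line ends this trace
    return events

def lbr_related(event):
    """True when the trace goes through the LBR save/restore code path."""
    return any(fn.startswith("intel_pmu_lbr_") for fn in event["frames"])

if __name__ == "__main__":
    for ev in find_msr_errors(SAMPLE_LOG):
        tag = "LBR path, matches this advisory" if lbr_related(ev) else "other MSR error"
        print(f"{ev['op']} MSR {ev['msr']:#x}: {tag}; frames={ev['frames']}")
```
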

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:21:30.410Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982bc4522896dcbe4474

Added to database: 5/21/2025, 9:08:59 AM

Last enriched: 6/29/2025, 10:27:16 PM

Last updated: 8/1/2025, 9:12:58 AM
