
CVE-2022-49666: Vulnerability in Linux Linux

High
Tags: Vulnerability, CVE-2022-49666, cve, cve-2022-49666
Published: Wed Feb 26 2025 (02/26/2025, 02:24:01 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/memhotplug: Add add_pages override for PPC

With commit ffa0b64e3be5 ("powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit") the kernel now validates the addr against high_memory value. This results in the below BUG_ON with dax pfns.

    [ 635.798741][T26531] kernel BUG at mm/page_alloc.c:5521!
    1:mon> e
    cpu 0x1: Vector: 700 (Program Check) at [c000000007287630]
        pc: c00000000055ed48: free_pages.part.0+0x48/0x110
        lr: c00000000053ca70: tlb_finish_mmu+0x80/0xd0
        sp: c0000000072878d0
       msr: 800000000282b033
      current = 0xc00000000afabe00
      paca    = 0xc00000037ffff300   irqmask: 0x03   irq_happened: 0x05
        pid   = 26531, comm = 50-landscape-sy
    kernel BUG at :5521!
    Linux version 5.19.0-rc3-14659-g4ec05be7c2e1 (kvaneesh@ltc-boston8) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #625 SMP Thu Jun 23 00:35:43 CDT 2022
    1:mon> t
    [link register   ] c00000000053ca70 tlb_finish_mmu+0x80/0xd0
    [c0000000072878d0] c00000000053ca54 tlb_finish_mmu+0x64/0xd0 (unreliable)
    [c000000007287900] c000000000539424 exit_mmap+0xe4/0x2a0
    [c0000000072879e0] c00000000019fc1c mmput+0xcc/0x210
    [c000000007287a20] c000000000629230 begin_new_exec+0x5e0/0xf40
    [c000000007287ae0] c00000000070b3cc load_elf_binary+0x3ac/0x1e00
    [c000000007287c10] c000000000627af0 bprm_execve+0x3b0/0xaf0
    [c000000007287cd0] c000000000628414 do_execveat_common.isra.0+0x1e4/0x310
    [c000000007287d80] c00000000062858c sys_execve+0x4c/0x60
    [c000000007287db0] c00000000002c1b0 system_call_exception+0x160/0x2c0
    [c000000007287e10] c00000000000c53c system_call_common+0xec/0x250

The fix is to make sure we update high_memory on memory hotplug. This is similar to what x86 does in commit 3072e413e305 ("mm/memory_hotplug: introduce add_pages")

AI-Powered Analysis

Last updated: 06/28/2025, 00:55:12 UTC

Technical Analysis

CVE-2022-49666 is a vulnerability in the Linux kernel's memory hotplug support on the PowerPC architecture. Commit ffa0b64e3be5 fixed virt_addr_valid() for 64-bit Book3E and 32-bit PowerPC systems by validating addresses against the high_memory value. Because the kernel did not update the high_memory variable during memory hotplug events, that validation fails for direct access (DAX) page frame numbers (PFNs) and trips a BUG_ON. The result is a kernel panic or BUG at mm/page_alloc.c, causing system instability or denial of service. The fix updates high_memory during memory hotplug operations, in line with a similar change in the x86 architecture. The vulnerability affects multiple Linux kernel versions as indicated by the affected commit hashes, and it is specific to PowerPC platforms that use memory hotplug features. There are no known exploits in the wild, and no CVSS score has been assigned yet.
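The mechanism described above, as an added userspace model (not kernel code and not part of the original advisory): address validation bounded by high_memory rejects an address in a hot-added range until hotplug also moves high_memory. The function names, the 64K page size and the PFN ranges are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: names and sizes are illustrative, not kernel code. */
#define PAGE_SHIFT  16                     /* assumed 64K pages */
#define PAGE_OFFSET 0xc000000000000000ULL  /* linear-map base (cf. c000... trace addresses) */

static uint64_t boot_pages, hp_start, hp_end; /* PFN ranges that are present */
static uint64_t high_memory;                  /* upper bound used by validation */
static uint64_t pfn_to_virt(uint64_t pfn) { return PAGE_OFFSET + (pfn << PAGE_SHIFT); }

static bool pfn_present(uint64_t pfn) {
    return pfn < boot_pages || (pfn >= hp_start && pfn < hp_end);
}

/* Validation bounded by high_memory, as the description says the kernel now does. */
static bool virt_addr_valid_model(uint64_t addr) {
    if (addr < PAGE_OFFSET || addr >= high_memory)
        return false;
    return pfn_present((addr - PAGE_OFFSET) >> PAGE_SHIFT);
}

static void boot(uint64_t nr_pages) {
    boot_pages = nr_pages;
    hp_start = hp_end = 0;
    high_memory = pfn_to_virt(nr_pages);
}

/* Hotplug a PFN range; update_high_memory=false models the pre-fix behaviour. */
static void add_pages_model(uint64_t start_pfn, uint64_t nr, bool update_high_memory) {
    hp_start = start_pfn;
    hp_end = start_pfn + nr;
    if (update_high_memory && pfn_to_virt(hp_end) > high_memory)
        high_memory = pfn_to_virt(hp_end);
}

/* True if an address inside the hot-added range passes validation on the free path. */
static bool free_hotplugged_page_ok(bool update_high_memory) {
    boot(1024);                                  /* constructed sizes */
    add_pages_model(4096, 256, update_high_memory);
    return virt_addr_valid_model(pfn_to_virt(4100));
}

int main(void) {
    printf("pre-fix:  %s\n", free_hotplugged_page_ok(false) ? "valid" : "BUG_ON would fire");
    printf("with fix: %s\n", free_hotplugged_page_ok(true) ? "valid" : "BUG_ON would fire");
    return 0;
}
```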

Potential Impact

For European organizations running Linux on PowerPC hardware—commonly found in specialized servers, embedded systems, or legacy infrastructure—this vulnerability could lead to unexpected kernel crashes and system downtime. Such instability can disrupt critical services, especially in sectors relying on high availability such as telecommunications, finance, and industrial control systems. The denial of service caused by kernel panics could also open windows for attackers to perform further attacks during recovery periods. Although no known exploits exist currently, the vulnerability's presence in kernel memory management poses a risk of exploitation if attackers can trigger memory hotplug events or manipulate memory mappings. This could compromise system reliability and availability, impacting business continuity and operational efficiency. Given the niche hardware affected, the impact is more pronounced in environments with PowerPC deployments rather than general x86 Linux servers.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the fix for CVE-2022-49666. Specifically, deploy kernels that carry the powerpc/memhotplug add_pages override, which landed after commit ffa0b64e3be5; per the description above, ffa0b64e3be5 is the change that introduced the high_memory validation, so a kernel that contains it without the override is the affected configuration. For systems where immediate patching is not feasible, administrators should audit and restrict memory hotplug operations, limiting them to trusted processes and users to reduce the risk of exploitation. Monitoring kernel logs for BUG_ON or panic messages related to memory allocation can help detect attempts to trigger the vulnerability. Additionally, organizations should review their use of DAX and memory hotplug features on PowerPC systems and consider disabling or limiting these features if not essential. Implementing strict access controls and ensuring that only authorized personnel can perform memory management operations will further mitigate risk. Finally, maintaining robust backup and recovery procedures will minimize downtime in case of crashes.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:21:30.436Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9821c4522896dcbdd71a

Added to database: 5/21/2025, 9:08:49 AM

Last enriched: 6/28/2025, 12:55:12 AM

Last updated: 8/1/2025, 12:41:15 AM
