CVE-2022-49885: Vulnerability in Linux Linux

High
Published: Thu May 01 2025 (05/01/2025, 14:10:31 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()

Change num_ghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc() to fail.

The overflow happens in ghes_estatus_pool_init() when calculating len during execution of the statement below as both multiplication operands here are signed int:

    len += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE);

The following call trace is observed because of this bug:

    [ 9.317108] swapper/0: vmalloc error: size 18446744071562596352, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
    [ 9.317131] Call Trace:
    [ 9.317134] <TASK>
    [ 9.317137] dump_stack_lvl+0x49/0x5f
    [ 9.317145] dump_stack+0x10/0x12
    [ 9.317146] warn_alloc.cold+0x7b/0xdf
    [ 9.317150] ? __device_attach+0x16a/0x1b0
    [ 9.317155] __vmalloc_node_range+0x702/0x740
    [ 9.317160] ? device_add+0x17f/0x920
    [ 9.317164] ? dev_set_name+0x53/0x70
    [ 9.317166] ? platform_device_add+0xf9/0x240
    [ 9.317168] __vmalloc_node+0x49/0x50
    [ 9.317170] ? ghes_estatus_pool_init+0x43/0xa0
    [ 9.317176] vmalloc+0x21/0x30
    [ 9.317177] ghes_estatus_pool_init+0x43/0xa0
    [ 9.317179] acpi_hest_init+0x129/0x19c
    [ 9.317185] acpi_init+0x434/0x4a4
    [ 9.317188] ? acpi_sleep_proc_init+0x2a/0x2a
    [ 9.317190] do_one_initcall+0x48/0x200
    [ 9.317195] kernel_init_freeable+0x221/0x284
    [ 9.317200] ? rest_init+0xe0/0xe0
    [ 9.317204] kernel_init+0x1a/0x130
    [ 9.317205] ret_from_fork+0x22/0x30
    [ 9.317208] </TASK>

[ rjw: Subject and changelog edits ]

AI-Powered Analysis

Last updated: 06/29/2025, 20:12:22 UTC

Technical Analysis

CVE-2022-49885 is a vulnerability in the Linux kernel's ACPI (Advanced Configuration and Power Interface) subsystem, specifically in the APEI (ACPI Platform Error Interface) component. The flaw is in the function ghes_estatus_pool_init(), where a multiplication of two signed integers can overflow. The variable num_ghes, originally declared as a signed int, is multiplied by the constant GHES_ESOURCE_PREALLOC_MAX_SIZE, also a signed int, to calculate the length (len) for a memory allocation. When the product overflows, len ends up as an incorrect, extremely large value. The subsequent vmalloc() call then requests an invalidly large size, which fails and triggers kernel warnings and errors. The fix changes num_ghes to an unsigned int, which prevents the overflow and ensures a correct allocation size.

The vulnerability can cause kernel instability or denial of service (DoS) due to failed memory allocation and potential kernel panics during system initialization or ACPI error handling. The call trace provided shows the failure occurring during kernel initialization, indicating that affected systems may fail to boot or operate reliably.

No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability affects Linux kernel versions identified by the given commit hashes, which correspond to recent kernel versions prior to the patch. This issue is technical and specific to the Linux kernel's ACPI error handling mechanism, impacting systems that rely on this kernel code path.
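A user-space model of the length calculation before and after the type change, added here as an illustration (it is not code from the kernel or from the patch). The constant value 65536, the 2048-byte base, the 4096-byte page alignment and the count 32776 are assumptions, chosen so that the model reproduces the size reported in the vmalloc error in the description.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed constants for this model; none of these values appear on the page. */
#define PREALLOC_MAX_SIZE 65536u /* stand-in for GHES_ESOURCE_PREALLOC_MAX_SIZE */
#define BASE_LEN          2048u  /* len accumulated before the += statement */
#define PAGE_SZ           4096u  /* the request is assumed to be page-aligned */

static uint64_t page_align(uint64_t len)
{
    return (len + PAGE_SZ - 1) & ~(uint64_t)(PAGE_SZ - 1);
}

/* Before the fix: int * int wraps at 32 bits, and the negative product is
 * sign-extended when added to the 64-bit unsigned len. The wrap is modelled
 * with unsigned arithmetic so this program has no undefined behaviour. */
uint64_t len_signed(int num_ghes)
{
    int32_t prod = (int32_t)((uint32_t)num_ghes * PREALLOC_MAX_SIZE);
    return page_align(BASE_LEN + (uint64_t)(int64_t)prod);
}

/* After the fix: unsigned int product, zero-extended into len. */
uint64_t len_unsigned(unsigned int num_ghes)
{
    uint32_t prod = num_ghes * PREALLOC_MAX_SIZE;
    return page_align(BASE_LEN + (uint64_t)prod);
}

/* Defensive variant (not the kernel patch): widen before multiplying, so the
 * product cannot wrap for any 32-bit count. */
uint64_t len_widened(unsigned int num_ghes)
{
    return page_align(BASE_LEN + (uint64_t)num_ghes * PREALLOC_MAX_SIZE);
}

int main(void)
{
    unsigned int n = 32776; /* constructed count that crosses INT_MAX / 65536 */
    printf("signed:   %llu\n", (unsigned long long)len_signed((int)n));
    printf("unsigned: %llu\n", (unsigned long long)len_unsigned(n));
    printf("widened:  %llu\n", (unsigned long long)len_widened(n));
    return 0;
}
```

With the assumed constants, the unsigned 32-bit product in this model still wraps once the count reaches 65536, which is the case the widened variant covers.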

Potential Impact

For European organizations, the impact of CVE-2022-49885 primarily involves potential system instability and denial of service on Linux-based servers, desktops, and embedded devices that utilize affected kernel versions. Organizations running Linux kernels with the vulnerable code in environments where ACPI error handling is active may experience boot failures or kernel crashes, leading to downtime and disruption of critical services. This can affect data centers, cloud providers, telecommunications infrastructure, and industrial control systems that rely on Linux. The denial of service could impact availability of services, causing operational delays and potential financial losses. Since the vulnerability is in the kernel, it affects the integrity and availability of systems rather than confidentiality. Although no remote code execution or privilege escalation is indicated, the inability to allocate memory correctly during kernel initialization can prevent systems from functioning properly. European organizations with large Linux deployments, especially those using custom or older kernels without the patch, are at risk. The lack of known exploits reduces immediate threat but does not eliminate risk, especially as attackers may develop exploits targeting this flaw. The impact is more severe in environments where high availability is critical, such as financial institutions, healthcare, and government infrastructure.

Mitigation Recommendations

To mitigate CVE-2022-49885, European organizations should prioritize updating their Linux kernels to versions that include the patch fixing the integer overflow in ghes_estatus_pool_init(). Kernel updates from trusted Linux distributions or direct application of the patch from the Linux kernel maintainers should be applied promptly. Organizations using custom kernels should backport the fix by changing the num_ghes variable to unsigned int as per the patch. Additionally, thorough testing of kernel updates in staging environments is recommended to ensure stability before production deployment. Monitoring kernel logs for vmalloc errors or ACPI-related warnings can help detect attempts to trigger the vulnerability. For critical systems where immediate patching is not feasible, consider isolating affected systems or limiting exposure to untrusted inputs that might trigger ACPI error handling. Implementing robust backup and recovery procedures will reduce downtime in case of system crashes. Finally, maintain awareness of Linux kernel advisories and subscribe to security mailing lists to receive timely updates on this and related vulnerabilities.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-05-01T14:05:17.241Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982bc4522896dcbe3f5a

Added to database: 5/21/2025, 9:08:59 AM

Last enriched: 6/29/2025, 8:12:22 PM

Last updated: 7/31/2025, 9:25:57 AM
