CVE-2022-48755

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48755
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48755.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48755
Downstream
Related
Published
2024-06-20T11:13:35.212Z
Modified
2025-11-19T12:44:09.648634Z
Summary
powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
Details

In the Linux kernel, the following vulnerability has been resolved:

powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06

Johan reported the below crash with test_bpf on ppc64 e5500:

testbpf: #296 ALUENDFROMLE 64: 0x0123456789abcdef -> 0x67452301 jited:1 Oops: Exception in kernel mode, sig: 4 [#1] BE PAGESIZE=4K SMP NRCPUS=24 QEMU e500 Modules linked in: testbpf(+) CPU: 0 PID: 76 Comm: insmod Not tainted 5.14.0-03771-g98c2059e008a-dirty #1 NIP: 8000000000061c3c LR: 80000000006dea64 CTR: 8000000000061c18 REGS: c0000000032d3420 TRAP: 0700 Not tainted (5.14.0-03771-g98c2059e008a-dirty) MSR: 0000000080089000 <EE,ME> CR: 88002822 XER: 20000000 IRQMASK: 0 <...> NIP [8000000000061c3c] 0x8000000000061c3c LR [80000000006dea64] .runone+0x104/0x17c [testbpf] Call Trace: .runone+0x60/0x17c [testbpf] (unreliable) .testbpfinit+0x6a8/0xdc8 [testbpf] .dooneinitcall+0x6c/0x28c .doinitmodule+0x68/0x28c .loadmodule+0x2460/0x2abc .dosysinitmodule+0x120/0x18c .systemcallexception+0x110/0x1b8 systemcallcommon+0xf0/0x210 --- interrupt: c00 at 0x101d0acc <...> ---[ end trace 47b2bf19090bb3d0 ]---

Illegal instruction

The illegal instruction turned out to be 'ldbrx' emitted for BPFFROM[L|B]E, which was only introduced in ISA v2.06. Guard use of the same and implement an alternative approach for older processors.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
156d0e290e969caba25f1851c52417c14d141b24
Fixed
129c71829d7f46423d95c19e8d87ce956d4c6e1c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
156d0e290e969caba25f1851c52417c14d141b24
Fixed
3bfbc00587dc883eaed383558ae512a351c2cd09
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
156d0e290e969caba25f1851c52417c14d141b24
Fixed
aaccfeeee1630b155e8ff0d6c449d3de1ef86e73
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
156d0e290e969caba25f1851c52417c14d141b24
Fixed
3f5f766d5f7f95a69a630da3544a1a0cee1cdddf

Affected versions

v4.*

v4.10
v4.10-rc1
v4.10-rc2
v4.10-rc3
v4.10-rc4
v4.10-rc5
v4.10-rc6
v4.10-rc7
v4.10-rc8
v4.11
v4.11-rc1
v4.11-rc2
v4.11-rc3
v4.11-rc4
v4.11-rc5
v4.11-rc6
v4.11-rc7
v4.11-rc8
v4.12
v4.12-rc1
v4.12-rc2
v4.12-rc3
v4.12-rc4
v4.12-rc5
v4.12-rc6
v4.12-rc7
v4.13
v4.13-rc1
v4.13-rc2
v4.13-rc3
v4.13-rc4
v4.13-rc5
v4.13-rc6
v4.13-rc7
v4.14
v4.14-rc1
v4.14-rc2
v4.14-rc3
v4.14-rc4
v4.14-rc5
v4.14-rc6
v4.14-rc7
v4.14-rc8
v4.15
v4.15-rc1
v4.15-rc2
v4.15-rc3
v4.15-rc4
v4.15-rc5
v4.15-rc6
v4.15-rc7
v4.15-rc8
v4.15-rc9
v4.16
v4.16-rc1
v4.16-rc2
v4.16-rc3
v4.16-rc4
v4.16-rc5
v4.16-rc6
v4.16-rc7
v4.17
v4.17-rc1
v4.17-rc2
v4.17-rc3
v4.17-rc4
v4.17-rc5
v4.17-rc6
v4.17-rc7
v4.18
v4.18-rc1
v4.18-rc2
v4.18-rc3
v4.18-rc4
v4.18-rc5
v4.18-rc6
v4.18-rc7
v4.18-rc8
v4.19
v4.19-rc1
v4.19-rc2
v4.19-rc3
v4.19-rc4
v4.19-rc5
v4.19-rc6
v4.19-rc7
v4.19-rc8
v4.20
v4.20-rc1
v4.20-rc2
v4.20-rc3
v4.20-rc4
v4.20-rc5
v4.20-rc6
v4.20-rc7
v4.7
v4.7-rc4
v4.7-rc5
v4.7-rc6
v4.7-rc7
v4.8
v4.8-rc1
v4.8-rc2
v4.8-rc3
v4.8-rc4
v4.8-rc5
v4.8-rc6
v4.8-rc7
v4.8-rc8
v4.9
v4.9-rc1
v4.9-rc2
v4.9-rc3
v4.9-rc4
v4.9-rc5
v4.9-rc6
v4.9-rc7
v4.9-rc8

v5.*

v5.0
v5.0-rc1
v5.0-rc2
v5.0-rc3
v5.0-rc4
v5.0-rc5
v5.0-rc6
v5.0-rc7
v5.0-rc8
v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.11
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.2
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.2
v5.16.3
v5.16.4
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

Database specific

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "105239462629332358716258232575426498397",
                "32103527024201341607003675759108241246",
                "220587104161106472041809474549398749580",
                "143652877451514349920477468941264021020",
                "282561266842276753911049100100607246021",
                "129268393788246293310497742440470261751"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aaccfeeee1630b155e8ff0d6c449d3de1ef86e73",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "arch/powerpc/net/bpf_jit_comp64.c"
        },
        "id": "CVE-2022-48755-204b34a2",
        "signature_type": "Line"
    },
    {
        "digest": {
            "line_hashes": [
                "105239462629332358716258232575426498397",
                "32103527024201341607003675759108241246",
                "220587104161106472041809474549398749580",
                "143652877451514349920477468941264021020",
                "282561266842276753911049100100607246021",
                "129268393788246293310497742440470261751"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3bfbc00587dc883eaed383558ae512a351c2cd09",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "arch/powerpc/net/bpf_jit_comp64.c"
        },
        "id": "CVE-2022-48755-2f33ab10",
        "signature_type": "Line"
    },
    {
        "digest": {
            "length": 17984.0,
            "function_hash": "155182815654196285202857402353000354879"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aaccfeeee1630b155e8ff0d6c449d3de1ef86e73",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "bpf_jit_build_body",
            "file": "arch/powerpc/net/bpf_jit_comp64.c"
        },
        "id": "CVE-2022-48755-3332dfbf",
        "signature_type": "Function"
    },
    {
        "digest": {
            "line_hashes": [
                "105239462629332358716258232575426498397",
                "32103527024201341607003675759108241246",
                "220587104161106472041809474549398749580",
                "143652877451514349920477468941264021020",
                "282561266842276753911049100100607246021",
                "129268393788246293310497742440470261751"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f5f766d5f7f95a69a630da3544a1a0cee1cdddf",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "arch/powerpc/net/bpf_jit_comp64.c"
        },
        "id": "CVE-2022-48755-385a11a2",
        "signature_type": "Line"
    },
    {
        "digest": {
            "length": 17745.0,
            "function_hash": "150369591766594772971143148946457470905"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@129c71829d7f46423d95c19e8d87ce956d4c6e1c",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "bpf_jit_build_body",
            "file": "arch/powerpc/net/bpf_jit_comp64.c"
        },
        "id": "CVE-2022-48755-85fff687",
        "signature_type": "Function"
    },
    {
        "digest": {
            "length": 17984.0,
            "function_hash": "155182815654196285202857402353000354879"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3bfbc00587dc883eaed383558ae512a351c2cd09",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "bpf_jit_build_body",
            "file": "arch/powerpc/net/bpf_jit_comp64.c"
        },
        "id": "CVE-2022-48755-8f3e5870",
        "signature_type": "Function"
    },
    {
        "digest": {
            "length": 18804.0,
            "function_hash": "200438703024651014207889232503807008796"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3f5f766d5f7f95a69a630da3544a1a0cee1cdddf",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "bpf_jit_build_body",
            "file": "arch/powerpc/net/bpf_jit_comp64.c"
        },
        "id": "CVE-2022-48755-c3d93e55",
        "signature_type": "Function"
    },
    {
        "digest": {
            "line_hashes": [
                "105239462629332358716258232575426498397",
                "32103527024201341607003675759108241246",
                "220587104161106472041809474549398749580",
                "143652877451514349920477468941264021020",
                "282561266842276753911049100100607246021",
                "129268393788246293310497742440470261751"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@129c71829d7f46423d95c19e8d87ce956d4c6e1c",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "arch/powerpc/net/bpf_jit_comp64.c"
        },
        "id": "CVE-2022-48755-feac1c7a",
        "signature_type": "Line"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.8.0
Fixed
5.10.96
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.19
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.16.5