CVE-2022-49964

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49964
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49964.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49964
Downstream
Related
Published
2025-06-18T11:00:29Z
Modified
2025-10-21T11:25:30.831057Z
Summary
arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
Details

In the Linux kernel, the following vulnerability has been resolved:

arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level

Though acpifindlastcachelevel() always returned signed value and the document states it will return any errors caused by lack of a PPTT table, it never returned negative values before.

Commit 0c80f9e165f8 ("ACPI: PPTT: Leave the table mapped for the runtime usage") however changed it by returning -ENOENT if no PPTT was found. The value returned from acpifindlastcachelevel() is then assigned to unsigned fw_level.

It will result in the number of cache leaves calculated incorrectly as a huge value which will then cause the following warning from _allocpages as the order would be great than MAX_ORDER because of incorrect and huge cache leaves value.

| WARNING: CPU: 0 PID: 1 at mm/pagealloc.c:5407 _allocpages+0x74/0x314 | Modules linked in: | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-10393-g7c2a8d3ac4c0 #73 | pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : _allocpages+0x74/0x314 | lr : allocpages+0xe8/0x318 | Call trace: | _allocpages+0x74/0x314 | allocpages+0xe8/0x318 | kmallocordertrace+0x68/0x1dc | _kmalloc+0x240/0x338 | detectcacheattributes+0xe0/0x56c | updatesiblingsmasks+0x38/0x284 | storecputopology+0x78/0x84 | smppreparecpus+0x48/0x134 | kernelinitfreeable+0xc4/0x14c | kernelinit+0x2c/0x1b4 | retfrom_fork+0x10/0x20

Fix the same by changing fwlevel to be signed integer and return the error from initcache_level() early in case of error.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f03d253ba71994b196f342a7acad448a56812a8c
Fixed
a754ee1c66bd0a23e613f0bf865053b29cb90e16
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0c80f9e165f8f9cca743d7b6cbdb54362da297e0
Fixed
e75d18cecbb3805895d8ed64da4f78575ec96043

Affected versions

v5.*

v5.19
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.4
v5.19.5
v5.19.6

v6.*

v6.0-rc1

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e75d18cecbb3805895d8ed64da4f78575ec96043",
        "target": {
            "function": "init_cache_level",
            "file": "arch/arm64/kernel/cacheinfo.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-49964-2e289898",
        "digest": {
            "function_hash": "112244431300453041858121010981964954845",
            "length": 507.0
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a754ee1c66bd0a23e613f0bf865053b29cb90e16",
        "target": {
            "file": "arch/arm64/kernel/cacheinfo.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-49964-8b7d0181",
        "digest": {
            "line_hashes": [
                "171483304552594338556756033145698024779",
                "97676979963620546762013054325472021742",
                "119699950651135686522873963682062298900",
                "277515177344061894811533263178454707397",
                "291824220855501814232541110653965473418",
                "112837253925923370902722388747979326137",
                "100196815551390886799721133288429018597"
            ],
            "threshold": 0.9
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e75d18cecbb3805895d8ed64da4f78575ec96043",
        "target": {
            "file": "arch/arm64/kernel/cacheinfo.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-49964-cd7d7b78",
        "digest": {
            "line_hashes": [
                "171483304552594338556756033145698024779",
                "97676979963620546762013054325472021742",
                "119699950651135686522873963682062298900",
                "277515177344061894811533263178454707397",
                "291824220855501814232541110653965473418",
                "112837253925923370902722388747979326137",
                "100196815551390886799721133288429018597"
            ],
            "threshold": 0.9
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a754ee1c66bd0a23e613f0bf865053b29cb90e16",
        "target": {
            "function": "init_cache_level",
            "file": "arch/arm64/kernel/cacheinfo.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-49964-e89a0db6",
        "digest": {
            "function_hash": "112244431300453041858121010981964954845",
            "length": 507.0
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.19.4
Fixed
5.19.7