In the Linux kernel, the following vulnerability has been resolved:
arm64: fix oops in concurrently setting insn_emulation sysctls
emulation_proc_handler() changes table->data for proc_dointvec_minmax; because that table entry is shared between callers, the handler can generate the following Oops if called concurrently with itself:
| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
| Internal error: Oops: 96000006 [#1] SMP
| Call trace:
| update_insn_emulation_mode+0xc0/0x148
| emulation_proc_handler+0x64/0xb8
| proc_sys_call_handler+0x9c/0xf8
| proc_sys_write+0x18/0x20
| __vfs_write+0x20/0x48
| vfs_write+0xe4/0x1d0
| ksys_write+0x70/0xf8
| __arm64_sys_write+0x20/0x28
| el0_svc_common.constprop.0+0x7c/0x1c0
| el0_svc_handler+0x2c/0xa0
| el0_svc+0x8/0x200
To fix this issue, keep table->data as &insn->current_mode and use container_of() to retrieve the insn pointer. Another mutex is used to protect the current_mode update, but it is not needed for retrieving insn_emulation, as table->data is no longer changing.
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a2fd114678d7fc1b5a0f8865ae98f1c17787455",
"id": "CVE-2022-50206-1022231c",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "emulation_proc_handler",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 506.0,
"function_hash": "208061974099580248824470922620832625234"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07022e07017ee5540f5559b0aeb916e8383c1e1a",
"id": "CVE-2022-50206-1240b267",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "register_insn_emulation_sysctl",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 630.0,
"function_hash": "34727716310740305401880678320967446606"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@af483947d472eccb79e42059276c4deed76f99a6",
"id": "CVE-2022-50206-17eee106",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "register_insn_emulation_sysctl",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 630.0,
"function_hash": "34727716310740305401880678320967446606"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a2fd114678d7fc1b5a0f8865ae98f1c17787455",
"id": "CVE-2022-50206-1b81d830",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "register_insn_emulation_sysctl",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 630.0,
"function_hash": "34727716310740305401880678320967446606"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b51881b1da57fe9877125dfdd0aac5172958fcfd",
"id": "CVE-2022-50206-2d0d975b",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"1960440008552637471522873735239669356",
"71844346838708569953038098060445377091",
"106624606123905936178813100954168939776",
"188858779439744046596293998490388425982",
"7998542420089299705562643897603328374",
"79396103650214263694030792217223562231",
"328689374300287942133517738301719913541",
"35230617379854447449197200111902401572",
"97230348670262614986427894498271489776",
"44336810520464106678161697200492986320",
"229247971708747393122600108442160232851",
"322694686092827087889234089072531928242",
"16530959085057227706431841715011493790",
"20727372310159674985234954931761826626",
"325466685051034611159332988025943913907",
"192153659792134627944417308329088738987",
"214527160207516761093630398328987179082",
"107808490887006591694422837588088027843"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a2fd114678d7fc1b5a0f8865ae98f1c17787455",
"id": "CVE-2022-50206-44fd201e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"1960440008552637471522873735239669356",
"71844346838708569953038098060445377091",
"106624606123905936178813100954168939776",
"188858779439744046596293998490388425982",
"7998542420089299705562643897603328374",
"79396103650214263694030792217223562231",
"328689374300287942133517738301719913541",
"35230617379854447449197200111902401572",
"97230348670262614986427894498271489776",
"44336810520464106678161697200492986320",
"229247971708747393122600108442160232851",
"322694686092827087889234089072531928242",
"16530959085057227706431841715011493790",
"20727372310159674985234954931761826626",
"325466685051034611159332988025943913907",
"192153659792134627944417308329088738987",
"214527160207516761093630398328987179082",
"107808490887006591694422837588088027843"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@04549063d5701976034d8c2bfda3d3a8cbf0409f",
"id": "CVE-2022-50206-4ebb1330",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "register_insn_emulation_sysctl",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 630.0,
"function_hash": "34727716310740305401880678320967446606"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@04549063d5701976034d8c2bfda3d3a8cbf0409f",
"id": "CVE-2022-50206-540cc3a8",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "emulation_proc_handler",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 506.0,
"function_hash": "208061974099580248824470922620832625234"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07022e07017ee5540f5559b0aeb916e8383c1e1a",
"id": "CVE-2022-50206-6c9d4871",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"1960440008552637471522873735239669356",
"71844346838708569953038098060445377091",
"106624606123905936178813100954168939776",
"188858779439744046596293998490388425982",
"7998542420089299705562643897603328374",
"79396103650214263694030792217223562231",
"328689374300287942133517738301719913541",
"35230617379854447449197200111902401572",
"97230348670262614986427894498271489776",
"44336810520464106678161697200492986320",
"229247971708747393122600108442160232851",
"322694686092827087889234089072531928242",
"16530959085057227706431841715011493790",
"20727372310159674985234954931761826626",
"325466685051034611159332988025943913907",
"192153659792134627944417308329088738987",
"214527160207516761093630398328987179082",
"107808490887006591694422837588088027843"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@af483947d472eccb79e42059276c4deed76f99a6",
"id": "CVE-2022-50206-6de18875",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "emulation_proc_handler",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 506.0,
"function_hash": "208061974099580248824470922620832625234"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc69ef95988b9ef2fc730ec452a7441efb90ef5e",
"id": "CVE-2022-50206-760af2ec",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "register_insn_emulation_sysctl",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 630.0,
"function_hash": "34727716310740305401880678320967446606"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@353b4673d01c512303c45cf2346f630cda73b5c9",
"id": "CVE-2022-50206-773196d3",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "emulation_proc_handler",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 506.0,
"function_hash": "208061974099580248824470922620832625234"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d5fec6ba2e4117d196a8259ab54615ffe562460",
"id": "CVE-2022-50206-7dfcc1ef",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"1960440008552637471522873735239669356",
"71844346838708569953038098060445377091",
"106624606123905936178813100954168939776",
"188858779439744046596293998490388425982",
"7998542420089299705562643897603328374",
"79396103650214263694030792217223562231",
"328689374300287942133517738301719913541",
"35230617379854447449197200111902401572",
"97230348670262614986427894498271489776",
"44336810520464106678161697200492986320",
"229247971708747393122600108442160232851",
"322694686092827087889234089072531928242",
"16530959085057227706431841715011493790",
"325959897054673494592734257723986800168",
"325466685051034611159332988025943913907",
"192153659792134627944417308329088738987",
"214527160207516761093630398328987179082",
"107808490887006591694422837588088027843"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc69ef95988b9ef2fc730ec452a7441efb90ef5e",
"id": "CVE-2022-50206-9b53eae1",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "emulation_proc_handler",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 506.0,
"function_hash": "208061974099580248824470922620832625234"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07022e07017ee5540f5559b0aeb916e8383c1e1a",
"id": "CVE-2022-50206-9dd014e5",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "emulation_proc_handler",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 506.0,
"function_hash": "208061974099580248824470922620832625234"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@af483947d472eccb79e42059276c4deed76f99a6",
"id": "CVE-2022-50206-a28f47da",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"1960440008552637471522873735239669356",
"71844346838708569953038098060445377091",
"106624606123905936178813100954168939776",
"188858779439744046596293998490388425982",
"7998542420089299705562643897603328374",
"79396103650214263694030792217223562231",
"328689374300287942133517738301719913541",
"35230617379854447449197200111902401572",
"97230348670262614986427894498271489776",
"44336810520464106678161697200492986320",
"229247971708747393122600108442160232851",
"322694686092827087889234089072531928242",
"16530959085057227706431841715011493790",
"20727372310159674985234954931761826626",
"325466685051034611159332988025943913907",
"192153659792134627944417308329088738987",
"214527160207516761093630398328987179082",
"107808490887006591694422837588088027843"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@353b4673d01c512303c45cf2346f630cda73b5c9",
"id": "CVE-2022-50206-aa1cfc79",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"1960440008552637471522873735239669356",
"71844346838708569953038098060445377091",
"106624606123905936178813100954168939776",
"188858779439744046596293998490388425982",
"7998542420089299705562643897603328374",
"79396103650214263694030792217223562231",
"328689374300287942133517738301719913541",
"35230617379854447449197200111902401572",
"97230348670262614986427894498271489776",
"44336810520464106678161697200492986320",
"229247971708747393122600108442160232851",
"322694686092827087889234089072531928242",
"16530959085057227706431841715011493790",
"20727372310159674985234954931761826626",
"325466685051034611159332988025943913907",
"192153659792134627944417308329088738987",
"214527160207516761093630398328987179082",
"107808490887006591694422837588088027843"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b51881b1da57fe9877125dfdd0aac5172958fcfd",
"id": "CVE-2022-50206-ae72cf8b",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "register_insn_emulation_sysctl",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 630.0,
"function_hash": "34727716310740305401880678320967446606"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cc69ef95988b9ef2fc730ec452a7441efb90ef5e",
"id": "CVE-2022-50206-cfa9b1d0",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"1960440008552637471522873735239669356",
"71844346838708569953038098060445377091",
"106624606123905936178813100954168939776",
"188858779439744046596293998490388425982",
"7998542420089299705562643897603328374",
"79396103650214263694030792217223562231",
"328689374300287942133517738301719913541",
"35230617379854447449197200111902401572",
"97230348670262614986427894498271489776",
"44336810520464106678161697200492986320",
"229247971708747393122600108442160232851",
"322694686092827087889234089072531928242",
"16530959085057227706431841715011493790",
"20727372310159674985234954931761826626",
"325466685051034611159332988025943913907",
"192153659792134627944417308329088738987",
"214527160207516761093630398328987179082",
"107808490887006591694422837588088027843"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d5fec6ba2e4117d196a8259ab54615ffe562460",
"id": "CVE-2022-50206-d0cf9d88",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "register_insn_emulation_sysctl",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 637.0,
"function_hash": "214044490424840149893727909019447720435"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b51881b1da57fe9877125dfdd0aac5172958fcfd",
"id": "CVE-2022-50206-da784ae1",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "emulation_proc_handler",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 506.0,
"function_hash": "208061974099580248824470922620832625234"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@353b4673d01c512303c45cf2346f630cda73b5c9",
"id": "CVE-2022-50206-e6454d27",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "register_insn_emulation_sysctl",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 630.0,
"function_hash": "34727716310740305401880678320967446606"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9d5fec6ba2e4117d196a8259ab54615ffe562460",
"id": "CVE-2022-50206-f298a352",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "emulation_proc_handler",
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Function",
"digest": {
"length": 506.0,
"function_hash": "208061974099580248824470922620832625234"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@04549063d5701976034d8c2bfda3d3a8cbf0409f",
"id": "CVE-2022-50206-f6d6aab5",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "arch/arm64/kernel/armv8_deprecated.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"1960440008552637471522873735239669356",
"71844346838708569953038098060445377091",
"106624606123905936178813100954168939776",
"188858779439744046596293998490388425982",
"7998542420089299705562643897603328374",
"79396103650214263694030792217223562231",
"328689374300287942133517738301719913541",
"35230617379854447449197200111902401572",
"97230348670262614986427894498271489776",
"44336810520464106678161697200492986320",
"229247971708747393122600108442160232851",
"322694686092827087889234089072531928242",
"16530959085057227706431841715011493790",
"20727372310159674985234954931761826626",
"325466685051034611159332988025943913907",
"192153659792134627944417308329088738987",
"214527160207516761093630398328987179082",
"107808490887006591694422837588088027843"
]
}
}
]