PT-2022-7361 · Linux+1 · Linux Kernel+1

Ariel Miculas · Published 2022-06-09 · Updated 2023-08-14 · CVE-2022-32981

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.18.4
Description: An issue was discovered in the Linux kernel on powerpc 32-bit platforms, where there is a buffer overflow in ptrace PEEKUSER and POKEUSER when accessing floating point registers. The issue is related to the ptrace_get_fpr() function in the arch/powerpc/kernel/ptrace/ptrace-fpu.c module of the kernel's ptrace component. Exploitation of this issue allows an attacker to impact the confidentiality, integrity, and availability of protected information or to elevate their privileges.
Recommendations: For Linux kernel versions prior to 5.18.4, update to version 5.18.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the ptrace PEEKUSER and POKEUSER functions until a patch is available. Additionally, restricting access to the ptrace_get_fpr() function in the arch/powerpc/kernel/ptrace/ptrace-fpu.c module may help minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2022-2050
ALT-PU-2022-2131
ALT-PU-2022-2152
ALT-PU-2022-2155
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-9930
BDU:2024-04162
CVE-2022-32981
OESA-2022-1725

Affected Products

Alt Linux
Linux Kernel