CVE-2022-49783

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability has been resolved in the Linux kernel. The issue is related to the x86/fpu component, where the fpregs lock is not properly dropped before inheriting FPU permissions. This problem exists since a specific commit and affects the current preempt-rt tree. The error occurs when fpu inherit perms() is called under fpregs lock(), leading to an unsafe call to spin lock irq() due to fpu state size dynamic() returning true. The vulnerability is caused by the unnecessary use of fpregs lock in fpu inherit perms(), which disables preemption in a PREEMPT RT kernel.

Recommendations As a temporary workaround, consider disabling the fpu inherit perms() function until a patch is available. Restrict access to the vulnerable fpu clone() function to minimize the risk of exploitation. Avoid using the fpregs lock in fpu inherit perms() until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.