PT-2025-18521 · Linux+3 · Linux Kernel+3
Published
2022-11-16
·
Updated
2025-05-13
·
CVE-2022-49804
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability has been resolved in the Linux kernel. The issue is related to the use of a global register for
current stack pointer on the s390 architecture. This uncovered an old bug in gcc, which is fixed in versions 9.1 and later, as well as in 8.4 and later due to a backport. The bug causes gcc versions prior to 8.4 to generate broken code, leading to stack corruptions. The current minimum required gcc version to build the kernel is 5.1.Recommendations
To resolve the issue, avoid using the global register variable for
current stack pointer.
As a temporary workaround, consider avoiding the use of the current stack pointer global register variable until a patch is available.Exploit
Fix
Memory Corruption
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Hat
Gcc