PT-2025-18568 · Linux+1 · Linux Kernel+1

Published: 2022-11-10 · Updated: 2025-05-02 · CVE-2022-49851

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.0.0-rc1-00001-g0d9d6953d834

Description
A vulnerability in the Linux kernel has been resolved, specifically in the RISC-V architecture. RISC-V set up reserved memory using the "early" copy of the device tree, which causes a kernel panic when the buffer's name is later used. The pointer to the reserved memory regions uses the early, pre-virtual-memory address. The vulnerability is triggered when the of_reserved_mem_lookup() function is called and vsnprintf() is used with the incorrect address. The estimated number of potentially affected devices is not provided.

Technical details about the exploitation include:
  • The early_init_fdt_scan_reserved_mem() function takes no arguments, as it operates on initial_boot_params, which is populated by early_init_dt_verify().
  • The early_init_dt_verify() function is called twice on RISC-V: once directly in setup_arch(), and once indirectly in the boot process by parse_dtb() when it calls early_init_dt_scan_nodes().
  • The first call uses dtb_early_va to set initial_boot_params, which is not usable later in the boot process when early_init_fdt_scan_reserved_mem() is called.
  • The vsnprintf() function is used with the incorrect address, causing the kernel panic.

Recommendations
To resolve the issue, move the early_init_fdt_scan_reserved_mem() call further along the boot sequence, after the direct call to early_init_dt_verify() in setup_arch(), so that the names use the correct virtual memory addresses. This should work equally whether or not CONFIG_BUILTIN_DTB is set, as unflatten_and_copy_device_tree() also updates initial_boot_params.
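The ordering dependency described above can be reproduced in a small userspace model. This is an added example, not kernel code or code from the fix: `struct mapping`, `NAME_OFF`, `rmem_name`, `boot_name_usable()` and the node name are constructed for illustration, and the two buffers stand in for the early and final mappings of the device tree.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of the boot ordering; not kernel code. */
struct mapping { char buf[64]; bool live; };  /* one mapping of the DTB */
static struct mapping early_map, final_map;
static const char *initial_boot_params;       /* models the kernel global */
static const char *rmem_name;                 /* region name, points into DTB */
#define NAME_OFF 8                            /* constructed name offset */

static void dt_verify(struct mapping *m) { initial_boot_params = m->buf; }

/* Like the real scan: no arguments, uses whatever the global holds now. */
static void scan_reserved_mem(void) { rmem_name = initial_boot_params + NAME_OFF; }

static bool points_into(const char *p, const struct mapping *m)
{
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)m->buf;
    return m->live && a >= b && a < b + sizeof(m->buf);
}

/* Runs the modelled boot; scan_late selects the ordering after the fix. */
bool boot_name_usable(bool scan_late)
{
    const char node[] = "buffer@80000000";    /* constructed node name */
    early_map = final_map = (struct mapping){ .live = true };
    memcpy(early_map.buf + NAME_OFF, node, sizeof node);
    memcpy(final_map.buf + NAME_OFF, node, sizeof node);

    dt_verify(&early_map);                    /* via parse_dtb(): dtb_early_va */
    if (!scan_late) scan_reserved_mem();      /* old position: early address */
    dt_verify(&final_map);                    /* direct call in setup_arch() */
    if (scan_late) scan_reserved_mem();       /* position after the fix */
    early_map.live = false;                   /* early address no longer valid */
    return points_into(rmem_name, &early_map) || points_into(rmem_name, &final_map);
}

int main(void)
{
    printf("old order, name usable:   %d\n", boot_name_usable(false));
    printf("fixed order, name usable: %d\n", boot_name_usable(true));
    return 0;
}
```

In the old ordering the stored name still points into the early mapping after it is gone, which is the address vsnprintf() later dereferences in the kernel.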

Exploit

Fix

Out of bounds Read

Buffer Overflow

Weakness Enumeration

Related Identifiers: BDU:2026-03727, CVE-2022-49851

Affected Products: Astra Linux, Linux Kernel