CVE-2022-50093

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-rc3-00004-g0e862838f290

Description A vulnerability in the Linux kernel has been resolved, which could lead to invalid memory access via node online(NUMA NO NODE). The issue occurs when pxm to node() returns %NUMA NO NODE (-1), a valid 'magic' number for a NUMA node but not a valid bit number for use in bitops. This can cause an insane array index when calculating the bit position in memory. The vulnerability is related to the dmar parse one rhsa function in drivers/iommu/intel/dmar.c.

Recommendations For Linux kernel versions prior to 5.19.0-rc3-00004-g0e862838f290, consider updating to a newer version that includes the fix for this issue. As a temporary workaround, consider adding an explicit check for the node being not %NUMA NO NODE before calling test bit(). Restrict access to the dmar parse one rhsa function in drivers/iommu/intel/dmar.c to minimize the risk of exploitation. Avoid using the node online function with unvalidated input until the issue is resolved.