CVE-2022-49353

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been identified, where a kernel panic occurs when the papr scm probe is called without the 'Enable Performance Information Collection' option enabled. This issue arises due to a missing check for the stat buffer len in the papr scm pmu check events() function, causing the drc pmem query stats() function to be called with a 'stat buffer' of size 0. The panic is characterized by a kernel NULL pointer dereference on write. The issue is observed on a POWER-10 LPAR with vPMEM.

Recommendations To resolve this issue, introduce a check for p->stat buffer len at the beginning of the papr scm pmu check events() function to prevent the drc pmem query stats() function from being called when the NVDIMM does not support performance stats. At the moment, there is no information about a newer version that contains a fix for this vulnerability.