PT-2025-8453 · Linux+3 · Linux Kernel+3
Alexandru Elisei · Published 2023-05-09 · Updated 2025-04-14
CVE-2022-49520
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.18.0-rc1 #79
Description
A vulnerability in the Linux kernel has been resolved. The issue occurs when a compat process tries to execute an unknown system call above the __ARM_NR_COMPAT_END number, causing the kernel to send a SIGILL signal to the offending process. The kernel prints error information to dmesg, but it interprets a non-zero value for current->thread.fault_code as an exception syndrome, displaying a message associated with the ESR_ELx.EC field. This can lead to the kernel printing bogus exception messages. For example, for a syscall number of 0x68000000, the kernel prints an error message related to pointer authentication, which is misleading.
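The following user-space model is an added example, not kernel code and not part of the original advisory. It shows why 0x68000000 decodes to a pointer-authentication-related exception class when treated as a syndrome, and how storing 0 removes the bogus text. The names thread_model, bad_compat_syscall, format_report and ec_class are hypothetical, and the message wording is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ESR_EC_SHIFT 26          /* ESR_ELx.EC occupies bits [31:26] */
#define ESR_EC_MASK  0x3Fu

/* Model of the per-thread field the page calls current->thread.fault_code. */
struct thread_model { uint32_t fault_code; };

/* Exception class names; only the values this demo needs. */
static const char *ec_class(uint32_t ec)
{
    switch (ec) {
    case 0x11: return "SVC (AArch32)";
    case 0x1A: return "ERET/ERETAA/ERETAB";   /* pointer-auth related */
    default:   return "other";
    }
}

static uint32_t esr_ec(uint32_t esr) { return (esr >> ESR_EC_SHIFT) & ESR_EC_MASK; }

/* Bad compat syscall path: before the fix the syscall number is stored,
 * after the fix 0 is stored so no syndrome is reported. */
static void bad_compat_syscall(struct thread_model *t, uint32_t scno, int fixed)
{
    t->fault_code = fixed ? 0 : scno;
}

/* Reporting path: a non-zero fault_code is decoded as an exception syndrome. */
static int format_report(const struct thread_model *t, char *buf, size_t len)
{
    if (t->fault_code)
        return snprintf(buf, len, "unhandled exception: %s, ESR 0x%08x, bad compat syscall",
                        ec_class(esr_ec(t->fault_code)), (unsigned)t->fault_code);
    return snprintf(buf, len, "unhandled exception: bad compat syscall");
}

int main(void)
{
    struct thread_model t;
    char line[128];
    for (int fixed = 0; fixed <= 1; fixed++) {
        bad_compat_syscall(&t, 0x68000000u, fixed);   /* value from the advisory */
        format_report(&t, line, sizeof line);
        printf("%s: %s\n", fixed ? "fixed  " : "unfixed", line);
    }
    return 0;
}
```

When triaging dmesg output from an unpatched arm64 kernel, an exception class printed next to a bad compat syscall message reflects the syscall number the process chose, not a real hardware syndrome.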
The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include the compat_arm_syscall() function, which sets the current->thread.fault_code value to the bad syscall number instead of a valid ESR_ELx value. The arm64_show_signal() function interprets this value as an exception syndrome and displays the associated message.
Recommendations
For Linux kernel versions prior to 5.18.0-rc1 #79, the issue can be resolved by updating to a newer version of the kernel. As a temporary workaround, consider modifying the compat_arm_syscall() function to set the ESR_ELx value to 0 for invalid system call numbers, preventing the kernel from printing misleading exception syndrome information.
Affected Products
Astra Linux
Linux Kernel
Red Hat
Suse