{"id":"CVE-2022-49353","summary":"powerpc/papr_scm: don't requests stats with '0' sized stats buffer","details":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/papr_scm: don't requests stats with '0' sized stats buffer\n\nSachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being\nreported with vPMEM when papr_scm probe is being called. The panic is of the\nform below and is observed only with following option disabled(profile) for the\nsaid LPAR 'Enable Performance Information Collection' in the HMC:\n\n Kernel attempted to write user page (1c) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on write at 0x0000001c\n Faulting instruction address: 0xc008000001b90844\n Oops: Kernel access of bad area, sig: 11 [#1]\n\u003csnip\u003e\n NIP [c008000001b90844] drc_pmem_query_stats+0x5c/0x270 [papr_scm]\n LR [c008000001b92794] papr_scm_probe+0x2ac/0x6ec [papr_scm]\n Call Trace:\n       0xc00000000941bca0 (unreliable)\n       papr_scm_probe+0x2ac/0x6ec [papr_scm]\n       platform_probe+0x98/0x150\n       really_probe+0xfc/0x510\n       __driver_probe_device+0x17c/0x230\n\u003csnip\u003e\n ---[ end trace 0000000000000000 ]---\n Kernel panic - not syncing: Fatal exception\n\nOn investigation looks like this panic was caused due to a 'stat_buffer' of\nsize==0 being provided to drc_pmem_query_stats() to fetch all performance\nstats-ids of an NVDIMM. However drc_pmem_query_stats() shouldn't have been called\nsince the vPMEM NVDIMM doesn't support and performance stat-id's. This was caused\ndue to missing check for 'p-\u003estat_buffer_len' at the beginning of\npapr_scm_pmu_check_events() which indicates that the NVDIMM doesn't support\nperformance-stats.\n\nFix this by introducing the check for 'p-\u003estat_buffer_len' at the beginning of\npapr_scm_pmu_check_events().\n\n[1] https://lore.kernel.org/all/6B3A522A-6A5F-4CC9-B268-0C63AA6E07D3@linux.ibm.com","modified":"2026-04-02T08:18:06.547512Z","published":"2025-02-26T02:11:04.982Z","related":["ALSA-2025:20518","SUSE-SU-2025:1176-1","SUSE-SU-2025:1241-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49353.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/07bf9431b1590d1cd7a8d62075d0b50b073f0495"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e1295aab2ebcda1c1a9ed342baedc080e5c393e5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49353.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49353"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b073096df4dec70d0436321b7093bad27ae91f9e"},{"fixed":"e1295aab2ebcda1c1a9ed342baedc080e5c393e5"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0e0946e22f3665d27325d389ff45ade6e93f3678"},{"fixed":"07bf9431b1590d1cd7a8d62075d0b50b073f0495"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49353.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}