CVE-2022-49623

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 26, 2025
Updated: Mar 11, 2025
CWE ID 125

Summary

CVE-2022-49623: A vulnerability in the Linux kernel's powerpc/xive/spapr driver has been addressed. The issue involved a bitmap allocation size error in the _find_first_zero_bit function. This error led to a read of size 8 at an unintended address, resulting in a kernel panic. The bug was triggered by task swapper/0, and the faulty address belonged to an object of size 8 in the cache kmalloc-8. The memory around the buggy address contained uninitialized values, indicating that an incorrect unit (bits) was used when allocating memory, resulting in invalid accesses. To mitigate this issue, developers are advised to use bitmap_zalloc() for bitmap allocation and bitmap_free() for consistent bitmap deallocation.
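The sizing rule behind the advice above, as an added userspace C example (not the kernel's or the patch's code): a word-wise zero-bit search reads whole unsigned long words, so the buffer must hold the bit count rounded up to whole longs, which is what bitmap_zalloc() allocates. The helper names bitmap_bytes(), bitmap_zalloc_user() and first_zero_bit() and the sample values are assumptions made for this illustration.

```c
/* Added illustration: userspace analogue of kernel bitmap sizing.
 * All helper names here are hypothetical, not kernel code. */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)

/* Bytes a word-wise bitmap scan may touch for nbits bits:
 * the bit count rounded up to whole unsigned longs. */
static size_t bitmap_bytes(size_t nbits)
{
    size_t longs = (nbits + BITS_PER_LONG - 1) / BITS_PER_LONG;
    return longs * sizeof(unsigned long);
}

/* Zeroed allocation sized in whole longs, mirroring bitmap_zalloc(). */
static unsigned long *bitmap_zalloc_user(size_t nbits)
{
    return calloc(bitmap_bytes(nbits) / sizeof(unsigned long),
                  sizeof(unsigned long));
}

/* Word-at-a-time search: each step reads a full unsigned long, so a
 * buffer sized in any other unit can be read past its end. */
static size_t first_zero_bit(const unsigned long *map, size_t nbits)
{
    for (size_t w = 0; w * BITS_PER_LONG < nbits; w++) {
        unsigned long inv = ~map[w];
        if (inv) {
            size_t bit = w * BITS_PER_LONG;
            while (!(inv & 1UL)) { inv >>= 1; bit++; }
            return bit < nbits ? bit : nbits;
        }
    }
    return nbits; /* no free bit */
}

int main(void)
{
    size_t nbits = 4; /* constructed sample value */
    unsigned long *map = bitmap_zalloc_user(nbits);
    if (!map)
        return 1;
    map[0] |= 0x7UL; /* mark bits 0..2 as in use */
    printf("nbits=%zu needs %zu bytes; first free bit=%zu\n",
           nbits, bitmap_bytes(nbits), first_zero_bit(map, nbits));
    free(map);
    return 0;
}
```

Passing the bit count straight to a byte-sized allocator gives a buffer smaller than bitmap_bytes() returns whenever the count is below the word size, which matches the read-past-allocation pattern the summary describes.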
