CVE-2022-48795 (GCVE-0-2022-48795)

Vulnerability from cvelistv5 – Published: 2024-07-16 11:43 – Updated: 2026-05-11 18:47
Title
parisc: Fix data TLB miss in sba_unmap_sg
Summary
In the Linux kernel, the following vulnerability has been resolved:

parisc: Fix data TLB miss in sba_unmap_sg

Rolf Eike Beer reported the following bug:

[1274934.746891] Bad Address (null pointer deref?): Code=15 (Data TLB miss fault) at addr 0000004140000018
[1274934.746891] CPU: 3 PID: 5549 Comm: cmake Not tainted 5.15.4-gentoo-parisc64 #4
[1274934.746891] Hardware name: 9000/785/C8000
[1274934.746891]
[1274934.746891] YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
[1274934.746891] PSW: 00001000000001001111111000001110 Not tainted
[1274934.746891] r00-03 000000ff0804fe0e 0000000040bc9bc0 00000000406760e4 0000004140000000
[1274934.746891] r04-07 0000000040b693c0 0000004140000000 000000004a2b08b0 0000000000000001
[1274934.746891] r08-11 0000000041f98810 0000000000000000 000000004a0a7000 0000000000000001
[1274934.746891] r12-15 0000000040bddbc0 0000000040c0cbc0 0000000040bddbc0 0000000040bddbc0
[1274934.746891] r16-19 0000000040bde3c0 0000000040bddbc0 0000000040bde3c0 0000000000000007
[1274934.746891] r20-23 0000000000000006 000000004a368950 0000000000000000 0000000000000001
[1274934.746891] r24-27 0000000000001fff 000000000800000e 000000004a1710f0 0000000040b693c0
[1274934.746891] r28-31 0000000000000001 0000000041f988b0 0000000041f98840 000000004a171118
[1274934.746891] sr00-03 00000000066e5800 0000000000000000 0000000000000000 00000000066e5800
[1274934.746891] sr04-07 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[1274934.746891]
[1274934.746891] IASQ: 0000000000000000 0000000000000000 IAOQ: 00000000406760e8 00000000406760ec
[1274934.746891] IIR: 48780030 ISR: 0000000000000000 IOR: 0000004140000018
[1274934.746891] CPU: 3 CR30: 00000040e3a9c000 CR31: ffffffffffffffff
[1274934.746891] ORIG_R28: 0000000040acdd58
[1274934.746891] IAOQ[0]: sba_unmap_sg+0xb0/0x118
[1274934.746891] IAOQ[1]: sba_unmap_sg+0xb4/0x118
[1274934.746891] RP(r2): sba_unmap_sg+0xac/0x118
[1274934.746891] Backtrace:
[1274934.746891] [<00000000402740cc>] dma_unmap_sg_attrs+0x6c/0x70
[1274934.746891] [<000000004074d6bc>] scsi_dma_unmap+0x54/0x60
[1274934.746891] [<00000000407a3488>] mptscsih_io_done+0x150/0xd70
[1274934.746891] [<0000000040798600>] mpt_interrupt+0x168/0xa68
[1274934.746891] [<0000000040255a48>] __handle_irq_event_percpu+0xc8/0x278
[1274934.746891] [<0000000040255c34>] handle_irq_event_percpu+0x3c/0xd8
[1274934.746891] [<000000004025ecb4>] handle_percpu_irq+0xb4/0xf0
[1274934.746891] [<00000000402548e0>] generic_handle_irq+0x50/0x70
[1274934.746891] [<000000004019a254>] call_on_stack+0x18/0x24
[1274934.746891]
[1274934.746891] Kernel panic - not syncing: Bad Address (null pointer deref?)

The bug is caused by overrunning the sglist and incorrectly testing sg_dma_len(sglist) before nents. Normally this doesn't cause a crash, but in this case sglist crossed a page boundary. This occurs in the following code:

	while (sg_dma_len(sglist) && nents--) {

The fix is simply to test nents first and move the decrement of nents into the loop.
Severity
No CVSS data available.
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f23f0444ead4d941165aa82ce2fcbb997dc00e97 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < de75676ee99bf9f25b1124ff301b3f7b8ba597d4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 867e50231c7605547d9334904d70a181f39f2d9e (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < efccc9b0c7e28d0eb7918a236e59f60dc23db4c3 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f8f519d7df66c334b5e08f896ac70ee3b53add3b (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b7d6f44a0fa716a82969725516dc0b16bc7cd514 (git)
Linux Linux Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.9.303 , ≤ 4.9.* (semver)
Unaffected: 4.14.268 , ≤ 4.14.* (semver)
Unaffected: 4.19.231 , ≤ 4.19.* (semver)
Unaffected: 5.4.181 , ≤ 5.4.* (semver)
Unaffected: 5.10.102 , ≤ 5.10.* (semver)
Unaffected: 5.15.25 , ≤ 5.15.* (semver)
Unaffected: 5.16.11 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f23f0444ead4d941165aa82ce2fcbb997dc00e97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/de75676ee99bf9f25b1124ff301b3f7b8ba597d4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/867e50231c7605547d9334904d70a181f39f2d9e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/efccc9b0c7e28d0eb7918a236e59f60dc23db4c3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f8f519d7df66c334b5e08f896ac70ee3b53add3b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b7d6f44a0fa716a82969725516dc0b16bc7cd514"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48795",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:59:22.558593Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:15.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/parisc/sba_iommu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f23f0444ead4d941165aa82ce2fcbb997dc00e97",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "de75676ee99bf9f25b1124ff301b3f7b8ba597d4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "867e50231c7605547d9334904d70a181f39f2d9e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "efccc9b0c7e28d0eb7918a236e59f60dc23db4c3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f8f519d7df66c334b5e08f896ac70ee3b53add3b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b7d6f44a0fa716a82969725516dc0b16bc7cd514",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/parisc/sba_iommu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.303",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.268",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.25",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.303",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.268",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.231",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.181",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.102",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.25",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.11",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Fix data TLB miss in sba_unmap_sg\n\nRolf Eike Beer reported the following bug:\n\n[1274934.746891] Bad Address (null pointer deref?): Code=15 (Data TLB miss fault) at addr 0000004140000018\n[1274934.746891] CPU: 3 PID: 5549 Comm: cmake Not tainted 5.15.4-gentoo-parisc64 #4\n[1274934.746891] Hardware name: 9000/785/C8000\n[1274934.746891]\n[1274934.746891]      YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI\n[1274934.746891] PSW: 00001000000001001111111000001110 Not tainted\n[1274934.746891] r00-03  000000ff0804fe0e 0000000040bc9bc0 00000000406760e4 0000004140000000\n[1274934.746891] r04-07  0000000040b693c0 0000004140000000 000000004a2b08b0 0000000000000001\n[1274934.746891] r08-11  0000000041f98810 0000000000000000 000000004a0a7000 0000000000000001\n[1274934.746891] r12-15  0000000040bddbc0 0000000040c0cbc0 0000000040bddbc0 0000000040bddbc0\n[1274934.746891] r16-19  0000000040bde3c0 0000000040bddbc0 0000000040bde3c0 0000000000000007\n[1274934.746891] r20-23  0000000000000006 000000004a368950 0000000000000000 0000000000000001\n[1274934.746891] r24-27  0000000000001fff 000000000800000e 000000004a1710f0 0000000040b693c0\n[1274934.746891] r28-31  0000000000000001 0000000041f988b0 0000000041f98840 000000004a171118\n[1274934.746891] sr00-03  00000000066e5800 0000000000000000 0000000000000000 00000000066e5800\n[1274934.746891] sr04-07  0000000000000000 0000000000000000 0000000000000000 0000000000000000\n[1274934.746891]\n[1274934.746891] IASQ: 0000000000000000 0000000000000000 IAOQ: 00000000406760e8 00000000406760ec\n[1274934.746891]  IIR: 48780030    ISR: 0000000000000000  IOR: 0000004140000018\n[1274934.746891]  CPU:        3   CR30: 00000040e3a9c000 CR31: ffffffffffffffff\n[1274934.746891]  ORIG_R28: 0000000040acdd58\n[1274934.746891]  IAOQ[0]: sba_unmap_sg+0xb0/0x118\n[1274934.746891]  IAOQ[1]: sba_unmap_sg+0xb4/0x118\n[1274934.746891]  RP(r2): 
sba_unmap_sg+0xac/0x118\n[1274934.746891] Backtrace:\n[1274934.746891]  [\u003c00000000402740cc\u003e] dma_unmap_sg_attrs+0x6c/0x70\n[1274934.746891]  [\u003c000000004074d6bc\u003e] scsi_dma_unmap+0x54/0x60\n[1274934.746891]  [\u003c00000000407a3488\u003e] mptscsih_io_done+0x150/0xd70\n[1274934.746891]  [\u003c0000000040798600\u003e] mpt_interrupt+0x168/0xa68\n[1274934.746891]  [\u003c0000000040255a48\u003e] __handle_irq_event_percpu+0xc8/0x278\n[1274934.746891]  [\u003c0000000040255c34\u003e] handle_irq_event_percpu+0x3c/0xd8\n[1274934.746891]  [\u003c000000004025ecb4\u003e] handle_percpu_irq+0xb4/0xf0\n[1274934.746891]  [\u003c00000000402548e0\u003e] generic_handle_irq+0x50/0x70\n[1274934.746891]  [\u003c000000004019a254\u003e] call_on_stack+0x18/0x24\n[1274934.746891]\n[1274934.746891] Kernel panic - not syncing: Bad Address (null pointer deref?)\n\nThe bug is caused by overrunning the sglist and incorrectly testing\nsg_dma_len(sglist) before nents. Normally this doesn\u0027t cause a crash,\nbut in this case sglist crossed a page boundary. This occurs in the\nfollowing code:\n\n\twhile (sg_dma_len(sglist) \u0026\u0026 nents--) {\n\nThe fix is simply to test nents first and move the decrement of nents\ninto the loop."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T18:47:14.594Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f23f0444ead4d941165aa82ce2fcbb997dc00e97"
        },
        {
          "url": "https://git.kernel.org/stable/c/de75676ee99bf9f25b1124ff301b3f7b8ba597d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/867e50231c7605547d9334904d70a181f39f2d9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/efccc9b0c7e28d0eb7918a236e59f60dc23db4c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8f519d7df66c334b5e08f896ac70ee3b53add3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2"
        },
        {
          "url": "https://git.kernel.org/stable/c/e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7d6f44a0fa716a82969725516dc0b16bc7cd514"
        }
      ],
      "title": "parisc: Fix data TLB miss in sba_unmap_sg",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48795",
    "datePublished": "2024-07-16T11:43:50.129Z",
    "dateReserved": "2024-07-16T11:38:08.895Z",
    "dateUpdated": "2026-05-11T18:47:14.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-48795",
      "date": "2026-05-27",
      "epss": "0.0003",
      "percentile": "0.09025"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nparisc: Fix data TLB miss in sba_unmap_sg\\n\\nRolf Eike Beer reported the following bug:\\n\\n[1274934.746891] Bad Address (null pointer deref?): Code=15 (Data TLB miss fault) at addr 0000004140000018\\n[1274934.746891] CPU: 3 PID: 5549 Comm: cmake Not tainted 5.15.4-gentoo-parisc64 #4\\n[1274934.746891] Hardware name: 9000/785/C8000\\n[1274934.746891]\\n[1274934.746891]      YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI\\n[1274934.746891] PSW: 00001000000001001111111000001110 Not tainted\\n[1274934.746891] r00-03  000000ff0804fe0e 0000000040bc9bc0 00000000406760e4 0000004140000000\\n[1274934.746891] r04-07  0000000040b693c0 0000004140000000 000000004a2b08b0 0000000000000001\\n[1274934.746891] r08-11  0000000041f98810 0000000000000000 000000004a0a7000 0000000000000001\\n[1274934.746891] r12-15  0000000040bddbc0 0000000040c0cbc0 0000000040bddbc0 0000000040bddbc0\\n[1274934.746891] r16-19  0000000040bde3c0 0000000040bddbc0 0000000040bde3c0 0000000000000007\\n[1274934.746891] r20-23  0000000000000006 000000004a368950 0000000000000000 0000000000000001\\n[1274934.746891] r24-27  0000000000001fff 000000000800000e 000000004a1710f0 0000000040b693c0\\n[1274934.746891] r28-31  0000000000000001 0000000041f988b0 0000000041f98840 000000004a171118\\n[1274934.746891] sr00-03  00000000066e5800 0000000000000000 0000000000000000 00000000066e5800\\n[1274934.746891] sr04-07  0000000000000000 0000000000000000 0000000000000000 0000000000000000\\n[1274934.746891]\\n[1274934.746891] IASQ: 0000000000000000 0000000000000000 IAOQ: 00000000406760e8 00000000406760ec\\n[1274934.746891]  IIR: 48780030    ISR: 0000000000000000  IOR: 0000004140000018\\n[1274934.746891]  CPU:        3   CR30: 00000040e3a9c000 CR31: ffffffffffffffff\\n[1274934.746891]  ORIG_R28: 0000000040acdd58\\n[1274934.746891]  IAOQ[0]: sba_unmap_sg+0xb0/0x118\\n[1274934.746891]  IAOQ[1]: 
sba_unmap_sg+0xb4/0x118\\n[1274934.746891]  RP(r2): sba_unmap_sg+0xac/0x118\\n[1274934.746891] Backtrace:\\n[1274934.746891]  [\u003c00000000402740cc\u003e] dma_unmap_sg_attrs+0x6c/0x70\\n[1274934.746891]  [\u003c000000004074d6bc\u003e] scsi_dma_unmap+0x54/0x60\\n[1274934.746891]  [\u003c00000000407a3488\u003e] mptscsih_io_done+0x150/0xd70\\n[1274934.746891]  [\u003c0000000040798600\u003e] mpt_interrupt+0x168/0xa68\\n[1274934.746891]  [\u003c0000000040255a48\u003e] __handle_irq_event_percpu+0xc8/0x278\\n[1274934.746891]  [\u003c0000000040255c34\u003e] handle_irq_event_percpu+0x3c/0xd8\\n[1274934.746891]  [\u003c000000004025ecb4\u003e] handle_percpu_irq+0xb4/0xf0\\n[1274934.746891]  [\u003c00000000402548e0\u003e] generic_handle_irq+0x50/0x70\\n[1274934.746891]  [\u003c000000004019a254\u003e] call_on_stack+0x18/0x24\\n[1274934.746891]\\n[1274934.746891] Kernel panic - not syncing: Bad Address (null pointer deref?)\\n\\nThe bug is caused by overrunning the sglist and incorrectly testing\\nsg_dma_len(sglist) before nents. Normally this doesn\u0027t cause a crash,\\nbut in this case sglist crossed a page boundary. 
This occurs in the\\nfollowing code:\\n\\n\\twhile (sg_dma_len(sglist) \u0026\u0026 nents--) {\\n\\nThe fix is simply to test nents first and move the decrement of nents\\ninto the loop.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se resolvi\\u00f3 la siguiente vulnerabilidad: parisc: corregir la falta de TLB de datos en sba_unmap_sg Rolf Eike Beer inform\\u00f3 el siguiente error: [1274934.746891] Direcci\\u00f3n incorrecta (\\u00bfpuntero nulo deref?): C\\u00f3digo = 15 (falla de falta de TLB de datos) en direcci\\u00f3n 0000004140000018 [1274934.746891] CPU: 3 PID: 5549 Comunicaciones: cmake No contaminado 5.15.4-gentoo-parisc64 #4 [1274934.746891] Nombre de hardware: 9000/785/C8000 [1274934.746891 ] [1274934.746891] YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI [1274934.746891] PSW: 000010000000010011111111000001110 No contaminado [1274934.746891] r00-03 000000ff0804fe0e 0000000040bc9bc0 00000000406760e4 0000004140000000 [1274934.746891] r04-07 0b693c0 0000004140000000 000000004a2b08b0 0000000000000001 [1274934.746891] r08-11 0000000041f98810 0000000000000000 00000000 4a0a7000 0000000000000001 [1274934.746891] r12-15 0000000040bddbc0 0000000040c0cbc0 0000000040bddbc0 0000000040bddbc0 [1274934.746891 ] r16-19 0000000040bde3c0 0000000040bddbc0 0000000040bde3c0 0000000000000007 [1274934.746891] r20-23 0000000000000006 000000004a368950 0000000000000000 0000000000000001 [1274934.746891 ] r24-27 0000000000001fff 000000000800000e 000000004a1710f0 0000000040b693c0 [1274934.746891] r28-31 0000000000000001 00000000 41f988b0 0000000041f98840 000000004a171118 [1274934.746891] sr00-03 00000000066e5800 0000000000000000 0000000000000000 000000 00066e5800 [1274934.746891] sr04-07 0000000000000000 0000000000000000 00000000000000000 0000000000000000 [1274934.746891] [1274934.746891] IASQ: 0000000000000000 00000000000000000 IAOQ: 00000000406760e8 00000000406760 ec [1274934.746891] IIR: 48780030 ISR: 0000000000000000 IOR: 0000004140000018 [1274934.746891] CPU: 3 CR30: 
00000040e3a9c000 CR31: 1274934.746891] ORIG_R28: 0000000040acdd58 [1274934.746891] IAOQ[ 0]: sba_unmap_sg+0xb0/0x118 [1274934.746891] IAOQ[1]: sba_unmap_sg+0xb4/0x118 [1274934.746891] RP(r2): sba_unmap_sg+0xac/0x118 [1274934.746891] seguimiento: [1274934.746891] [\u0026lt;00000000402740cc\u0026gt;] dma_unmap_sg_attrs+0x6c /0x70 [1274934.746891] [\u0026lt;000000004074d6bc\u0026gt;] scsi_dma_unmap+0x54/0x60 [1274934.746891] [\u0026lt;00000000407a3488\u0026gt;] mptscsih_io_done+0x150/0xd70 4.746891] [\u0026lt;0000000040798600\u0026gt;] mpt_interrupt+0x168/0xa68 [1274934.746891] [\u0026lt;0000000040255a48\u0026gt;] __handle_irq_event_percpu +0xc8/0x278 [1274934.746891] [\u0026lt;0000000040255c34\u0026gt;] handle_irq_event_percpu+0x3c/0xd8 [1274934.746891] [\u0026lt;000000004025ecb4\u0026gt;] handle_percpu_irq+0xb4/0xf0 [1 274934.746891] [\u0026lt;00000000402548e0\u0026gt;] generic_handle_irq+0x50/0x70 [1274934.746891] [\u0026lt;000000004019a254\u0026gt; ] call_on_stack+0x18/0x24 [1274934.746891] [1274934.746891] P\\u00e1nico del kernel - no se sincroniza: Direcci\\u00f3n incorrecta (\\u00bfpuntero nulo deref?) El error se debe a que se sobrepasa sglist y se prueba incorrectamente sg_dma_len(sglist) antes de nents. Normalmente esto no causa un bloqueo, pero en este caso sglist cruz\\u00f3 el l\\u00edmite de una p\\u00e1gina. Esto ocurre en el siguiente c\\u00f3digo: while (sg_dma_len(sglist) \u0026amp;\u0026amp; nents--) { La soluci\\u00f3n es simplemente probar nents primero y mover la disminuci\\u00f3n de nents al bucle.\"}]",
      "id": "CVE-2022-48795",
      "lastModified": "2024-11-21T07:34:02.450",
      "published": "2024-07-16T12:15:04.220",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/867e50231c7605547d9334904d70a181f39f2d9e\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/b7d6f44a0fa716a82969725516dc0b16bc7cd514\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/de75676ee99bf9f25b1124ff301b3f7b8ba597d4\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/efccc9b0c7e28d0eb7918a236e59f60dc23db4c3\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/f23f0444ead4d941165aa82ce2fcbb997dc00e97\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/f8f519d7df66c334b5e08f896ac70ee3b53add3b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/867e50231c7605547d9334904d70a181f39f2d9e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/b7d6f44a0fa716a82969725516dc0b16bc7cd514\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/de75676ee99bf9f25b1124ff301b3f7b8ba597d4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/efccc9b0c7e28d0eb7918a236e59f60dc23db4c3\", \"source\": 
\"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/f23f0444ead4d941165aa82ce2fcbb997dc00e97\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/f8f519d7df66c334b5e08f896ac70ee3b53add3b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-48795\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-16T12:15:04.220\",\"lastModified\":\"2025-10-03T14:03:17.500\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nparisc: Fix data TLB miss in sba_unmap_sg\\n\\nRolf Eike Beer reported the following bug:\\n\\n[1274934.746891] Bad Address (null pointer deref?): Code=15 (Data TLB miss fault) at addr 0000004140000018\\n[1274934.746891] CPU: 3 PID: 5549 Comm: cmake Not tainted 5.15.4-gentoo-parisc64 #4\\n[1274934.746891] Hardware name: 9000/785/C8000\\n[1274934.746891]\\n[1274934.746891]      YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI\\n[1274934.746891] PSW: 00001000000001001111111000001110 Not tainted\\n[1274934.746891] r00-03  000000ff0804fe0e 0000000040bc9bc0 00000000406760e4 0000004140000000\\n[1274934.746891] r04-07  0000000040b693c0 0000004140000000 000000004a2b08b0 0000000000000001\\n[1274934.746891] r08-11  0000000041f98810 0000000000000000 000000004a0a7000 0000000000000001\\n[1274934.746891] r12-15  0000000040bddbc0 0000000040c0cbc0 0000000040bddbc0 0000000040bddbc0\\n[1274934.746891] r16-19  0000000040bde3c0 0000000040bddbc0 0000000040bde3c0 0000000000000007\\n[1274934.746891] r20-23  0000000000000006 000000004a368950 0000000000000000 0000000000000001\\n[1274934.746891] r24-27  0000000000001fff 000000000800000e 000000004a1710f0 0000000040b693c0\\n[1274934.746891] r28-31  0000000000000001 0000000041f988b0 0000000041f98840 000000004a171118\\n[1274934.746891] sr00-03  00000000066e5800 0000000000000000 0000000000000000 00000000066e5800\\n[1274934.746891] sr04-07  0000000000000000 0000000000000000 0000000000000000 0000000000000000\\n[1274934.746891]\\n[1274934.746891] IASQ: 0000000000000000 0000000000000000 IAOQ: 00000000406760e8 00000000406760ec\\n[1274934.746891]  IIR: 48780030    ISR: 0000000000000000  IOR: 
0000004140000018\\n[1274934.746891]  CPU:        3   CR30: 00000040e3a9c000 CR31: ffffffffffffffff\\n[1274934.746891]  ORIG_R28: 0000000040acdd58\\n[1274934.746891]  IAOQ[0]: sba_unmap_sg+0xb0/0x118\\n[1274934.746891]  IAOQ[1]: sba_unmap_sg+0xb4/0x118\\n[1274934.746891]  RP(r2): sba_unmap_sg+0xac/0x118\\n[1274934.746891] Backtrace:\\n[1274934.746891]  [\u003c00000000402740cc\u003e] dma_unmap_sg_attrs+0x6c/0x70\\n[1274934.746891]  [\u003c000000004074d6bc\u003e] scsi_dma_unmap+0x54/0x60\\n[1274934.746891]  [\u003c00000000407a3488\u003e] mptscsih_io_done+0x150/0xd70\\n[1274934.746891]  [\u003c0000000040798600\u003e] mpt_interrupt+0x168/0xa68\\n[1274934.746891]  [\u003c0000000040255a48\u003e] __handle_irq_event_percpu+0xc8/0x278\\n[1274934.746891]  [\u003c0000000040255c34\u003e] handle_irq_event_percpu+0x3c/0xd8\\n[1274934.746891]  [\u003c000000004025ecb4\u003e] handle_percpu_irq+0xb4/0xf0\\n[1274934.746891]  [\u003c00000000402548e0\u003e] generic_handle_irq+0x50/0x70\\n[1274934.746891]  [\u003c000000004019a254\u003e] call_on_stack+0x18/0x24\\n[1274934.746891]\\n[1274934.746891] Kernel panic - not syncing: Bad Address (null pointer deref?)\\n\\nThe bug is caused by overrunning the sglist and incorrectly testing\\nsg_dma_len(sglist) before nents. Normally this doesn\u0027t cause a crash,\\nbut in this case sglist crossed a page boundary. 
This occurs in the\\nfollowing code:\\n\\n\\twhile (sg_dma_len(sglist) \u0026\u0026 nents--) {\\n\\nThe fix is simply to test nents first and move the decrement of nents\\ninto the loop.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: parisc: corregir la falta de TLB de datos en sba_unmap_sg Rolf Eike Beer inform\u00f3 el siguiente error: [1274934.746891] Direcci\u00f3n incorrecta (\u00bfpuntero nulo deref?): C\u00f3digo = 15 (falla de falta de TLB de datos) en direcci\u00f3n 0000004140000018 [1274934.746891] CPU: 3 PID: 5549 Comunicaciones: cmake No contaminado 5.15.4-gentoo-parisc64 #4 [1274934.746891] Nombre de hardware: 9000/785/C8000 [1274934.746891 ] [1274934.746891] YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI [1274934.746891] PSW: 000010000000010011111111000001110 No contaminado [1274934.746891] r00-03 000000ff0804fe0e 0000000040bc9bc0 00000000406760e4 0000004140000000 [1274934.746891] r04-07 0b693c0 0000004140000000 000000004a2b08b0 0000000000000001 [1274934.746891] r08-11 0000000041f98810 0000000000000000 00000000 4a0a7000 0000000000000001 [1274934.746891] r12-15 0000000040bddbc0 0000000040c0cbc0 0000000040bddbc0 0000000040bddbc0 [1274934.746891 ] r16-19 0000000040bde3c0 0000000040bddbc0 0000000040bde3c0 0000000000000007 [1274934.746891] r20-23 0000000000000006 000000004a368950 0000000000000000 0000000000000001 [1274934.746891 ] r24-27 0000000000001fff 000000000800000e 000000004a1710f0 0000000040b693c0 [1274934.746891] r28-31 0000000000000001 00000000 41f988b0 0000000041f98840 000000004a171118 [1274934.746891] sr00-03 00000000066e5800 0000000000000000 0000000000000000 000000 00066e5800 [1274934.746891] sr04-07 0000000000000000 0000000000000000 00000000000000000 0000000000000000 [1274934.746891] [1274934.746891] IASQ: 0000000000000000 00000000000000000 IAOQ: 00000000406760e8 00000000406760 ec [1274934.746891] IIR: 48780030 ISR: 0000000000000000 IOR: 0000004140000018 [1274934.746891] CPU: 3 CR30: 00000040e3a9c000 
CR31: 1274934.746891] ORIG_R28: 0000000040acdd58 [1274934.746891] IAOQ[ 0]: sba_unmap_sg+0xb0/0x118 [1274934.746891] IAOQ[1]: sba_unmap_sg+0xb4/0x118 [1274934.746891] RP(r2): sba_unmap_sg+0xac/0x118 [1274934.746891] seguimiento: [1274934.746891] [\u0026lt;00000000402740cc\u0026gt;] dma_unmap_sg_attrs+0x6c /0x70 [1274934.746891] [\u0026lt;000000004074d6bc\u0026gt;] scsi_dma_unmap+0x54/0x60 [1274934.746891] [\u0026lt;00000000407a3488\u0026gt;] mptscsih_io_done+0x150/0xd70 4.746891] [\u0026lt;0000000040798600\u0026gt;] mpt_interrupt+0x168/0xa68 [1274934.746891] [\u0026lt;0000000040255a48\u0026gt;] __handle_irq_event_percpu +0xc8/0x278 [1274934.746891] [\u0026lt;0000000040255c34\u0026gt;] handle_irq_event_percpu+0x3c/0xd8 [1274934.746891] [\u0026lt;000000004025ecb4\u0026gt;] handle_percpu_irq+0xb4/0xf0 [1 274934.746891] [\u0026lt;00000000402548e0\u0026gt;] generic_handle_irq+0x50/0x70 [1274934.746891] [\u0026lt;000000004019a254\u0026gt; ] call_on_stack+0x18/0x24 [1274934.746891] [1274934.746891] P\u00e1nico del kernel - no se sincroniza: Direcci\u00f3n incorrecta (\u00bfpuntero nulo deref?) El error se debe a que se sobrepasa sglist y se prueba incorrectamente sg_dma_len(sglist) antes de nents. Normalmente esto no causa un bloqueo, pero en este caso sglist cruz\u00f3 el l\u00edmite de una p\u00e1gina. 
Esto ocurre en el siguiente c\u00f3digo: while (sg_dma_len(sglist) \u0026amp;\u0026amp; nents--) { La soluci\u00f3n es simplemente probar nents primero y mover la disminuci\u00f3n de nents al bucle.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.9.303\",\"matchCriteriaId\":\"B6A99783-2D18-40BD-B2F8-5659C625B903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.14.268\",\"matchCriteriaId\":\"58023BD3-9FC0-4CC9-8E7D-6C88E37089DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"4.19.231\",\"matchCriteriaId\":\"AC95C65F-81A3-45CE-9AEB-8890D21A3303\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.181\",\"matchCriteriaId\":\"FB33213E-1A45-4E3B-A129-58AAA2EB921D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.102\",\"matchCriteriaId\":\"DAD66A9A-8D06-48D1-8AA8-FC060496FF53\"},{\"vulnerable\":t
rue,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.25\",\"matchCriteriaId\":\"D098AA16-8E21-4EB7-AE2F-1EEB58E1A3A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.16.11\",\"matchCriteriaId\":\"0D327234-5D4A-43DC-A6DF-BCA0CEBEC039\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6E34B23-78B4-4516-9BD8-61B33F4AC49A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2D2677C-5389-4AE9-869D-0F881E80D923\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/867e50231c7605547d9334904d70a181f39f2d9e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b7d6f44a0fa716a82969725516dc0b16bc7cd514\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/de75676ee99bf9f25b1124ff301b3f7b8ba597d4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/efccc9b0c7e28d0eb7918a236e59f60dc23db4c3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"u
rl\":\"https://git.kernel.org/stable/c/f23f0444ead4d941165aa82ce2fcbb997dc00e97\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f8f519d7df66c334b5e08f896ac70ee3b53add3b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/867e50231c7605547d9334904d70a181f39f2d9e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b7d6f44a0fa716a82969725516dc0b16bc7cd514\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/de75676ee99bf9f25b1124ff301b3f7b8ba597d4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/efccc9b0c7e28d0eb7918a236e59f60dc23db4c3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f23f0444ead4d941165aa82ce2fcbb997dc00e97\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f8f519d7df66c334b5e08f896ac70ee3b53add3b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/f23f0444ead4d941165aa82ce2fcbb997dc00e97\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/de75676ee99bf9f25b1124ff301b3f7b8ba597d4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/867e50231c7605547d9334904d70a181f39f2d9e\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/efccc9b0c7e28d0eb7918a236e59f60dc23db4c3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/f8f519d7df66c334b5e08f896ac70ee3b53add3b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/b7d6f44a0fa716a82969725516dc0b16bc7cd514\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T15:25:01.550Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-48795\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T16:59:22.558593Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:21.604Z\"}}], \"cna\": {\"title\": \"parisc: Fix data TLB miss in sba_unmap_sg\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": 
\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"f23f0444ead4d941165aa82ce2fcbb997dc00e97\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"de75676ee99bf9f25b1124ff301b3f7b8ba597d4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"867e50231c7605547d9334904d70a181f39f2d9e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"efccc9b0c7e28d0eb7918a236e59f60dc23db4c3\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"f8f519d7df66c334b5e08f896ac70ee3b53add3b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"b7d6f44a0fa716a82969725516dc0b16bc7cd514\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/parisc/sba_iommu.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.12\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.12\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.9.303\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.9.*\"}, {\"status\": \"unaffected\", \"version\": \"4.14.268\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", 
\"version\": \"4.19.231\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.181\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.102\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.25\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"5.16.11\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.16.*\"}, {\"status\": \"unaffected\", \"version\": \"5.17\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/parisc/sba_iommu.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/f23f0444ead4d941165aa82ce2fcbb997dc00e97\"}, {\"url\": \"https://git.kernel.org/stable/c/de75676ee99bf9f25b1124ff301b3f7b8ba597d4\"}, {\"url\": \"https://git.kernel.org/stable/c/867e50231c7605547d9334904d70a181f39f2d9e\"}, {\"url\": \"https://git.kernel.org/stable/c/efccc9b0c7e28d0eb7918a236e59f60dc23db4c3\"}, {\"url\": \"https://git.kernel.org/stable/c/f8f519d7df66c334b5e08f896ac70ee3b53add3b\"}, {\"url\": \"https://git.kernel.org/stable/c/8c8e949ae81e7f5ab58f9f9f8e9b573b93173dd2\"}, {\"url\": \"https://git.kernel.org/stable/c/e40ae3133ed87d6d526f3c8fc6a5f9a2d72dcdbf\"}, {\"url\": \"https://git.kernel.org/stable/c/b7d6f44a0fa716a82969725516dc0b16bc7cd514\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nparisc: Fix data TLB miss in sba_unmap_sg\\n\\nRolf Eike Beer reported the following bug:\\n\\n[1274934.746891] Bad Address (null pointer deref?): Code=15 (Data TLB miss fault) at addr 0000004140000018\\n[1274934.746891] CPU: 3 PID: 5549 Comm: cmake Not tainted 5.15.4-gentoo-parisc64 #4\\n[1274934.746891] Hardware 
name: 9000/785/C8000\\n[1274934.746891]\\n[1274934.746891]      YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI\\n[1274934.746891] PSW: 00001000000001001111111000001110 Not tainted\\n[1274934.746891] r00-03  000000ff0804fe0e 0000000040bc9bc0 00000000406760e4 0000004140000000\\n[1274934.746891] r04-07  0000000040b693c0 0000004140000000 000000004a2b08b0 0000000000000001\\n[1274934.746891] r08-11  0000000041f98810 0000000000000000 000000004a0a7000 0000000000000001\\n[1274934.746891] r12-15  0000000040bddbc0 0000000040c0cbc0 0000000040bddbc0 0000000040bddbc0\\n[1274934.746891] r16-19  0000000040bde3c0 0000000040bddbc0 0000000040bde3c0 0000000000000007\\n[1274934.746891] r20-23  0000000000000006 000000004a368950 0000000000000000 0000000000000001\\n[1274934.746891] r24-27  0000000000001fff 000000000800000e 000000004a1710f0 0000000040b693c0\\n[1274934.746891] r28-31  0000000000000001 0000000041f988b0 0000000041f98840 000000004a171118\\n[1274934.746891] sr00-03  00000000066e5800 0000000000000000 0000000000000000 00000000066e5800\\n[1274934.746891] sr04-07  0000000000000000 0000000000000000 0000000000000000 0000000000000000\\n[1274934.746891]\\n[1274934.746891] IASQ: 0000000000000000 0000000000000000 IAOQ: 00000000406760e8 00000000406760ec\\n[1274934.746891]  IIR: 48780030    ISR: 0000000000000000  IOR: 0000004140000018\\n[1274934.746891]  CPU:        3   CR30: 00000040e3a9c000 CR31: ffffffffffffffff\\n[1274934.746891]  ORIG_R28: 0000000040acdd58\\n[1274934.746891]  IAOQ[0]: sba_unmap_sg+0xb0/0x118\\n[1274934.746891]  IAOQ[1]: sba_unmap_sg+0xb4/0x118\\n[1274934.746891]  RP(r2): sba_unmap_sg+0xac/0x118\\n[1274934.746891] Backtrace:\\n[1274934.746891]  [\u003c00000000402740cc\u003e] dma_unmap_sg_attrs+0x6c/0x70\\n[1274934.746891]  [\u003c000000004074d6bc\u003e] scsi_dma_unmap+0x54/0x60\\n[1274934.746891]  [\u003c00000000407a3488\u003e] mptscsih_io_done+0x150/0xd70\\n[1274934.746891]  [\u003c0000000040798600\u003e] mpt_interrupt+0x168/0xa68\\n[1274934.746891]  [\u003c0000000040255a48\u003e] 
__handle_irq_event_percpu+0xc8/0x278\\n[1274934.746891]  [\u003c0000000040255c34\u003e] handle_irq_event_percpu+0x3c/0xd8\\n[1274934.746891]  [\u003c000000004025ecb4\u003e] handle_percpu_irq+0xb4/0xf0\\n[1274934.746891]  [\u003c00000000402548e0\u003e] generic_handle_irq+0x50/0x70\\n[1274934.746891]  [\u003c000000004019a254\u003e] call_on_stack+0x18/0x24\\n[1274934.746891]\\n[1274934.746891] Kernel panic - not syncing: Bad Address (null pointer deref?)\\n\\nThe bug is caused by overrunning the sglist and incorrectly testing\\nsg_dma_len(sglist) before nents. Normally this doesn\u0027t cause a crash,\\nbut in this case sglist crossed a page boundary. This occurs in the\\nfollowing code:\\n\\n\\twhile (sg_dma_len(sglist) \u0026\u0026 nents--) {\\n\\nThe fix is simply to test nents first and move the decrement of nents\\ninto the loop.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.9.303\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.14.268\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.231\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.181\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.102\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.25\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, 
\"versionEndExcluding\": \"5.16.11\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.17\", \"versionStartIncluding\": \"2.6.12\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-12-23T13:20:32.995Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-48795\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-23T13:20:32.995Z\", \"dateReserved\": \"2024-07-16T11:38:08.895Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-07-16T11:43:50.129Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}






Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.
