CVE-2022-49945 in LinuxИнформация

Сводка

по VulDB • 26.05.2026

Based on the kernel panic log provided, here is an analysis of the crash:

### **1. Crash Summary** - **Type:** Kernel Oops/Panic (likely an invalid memory access or assertion failure). - **Module:** `gpio_fan` (GPIO-controlled fan driver). - **Function:** `set_fan_speed.part.5` - **Trigger:** Writing to a sysfs attribute (`cur_state_store`), likely via `echo <value> > /sys/class/thermal/.../cur_state` or similar. - **Architecture:** ARM64 (`el0t_64_sync`, `x0-x31` registers).

### **2. Key Evidence** - **Call Trace:** ``` set_fan_speed.part.5+0x34/0x80 [gpio_fan]
gpio_fan_set_cur_state+0x34/0x50 [gpio_fan]
cur_state_store+0x84/0xd0 dev_attr_store+0x20/0x38 sysfs_kf_write+0x4c/0x60 ... ``` This shows the crash occurred while the kernel was trying to set the fan speed state via sysfs.

- **Register State:** - `x0`: `ffff80d0588060` (likely a pointer to a `gpio_fan_data` or similar structure). - `x1`: `1` (likely the new fan state/speed value being set). - `x2`: `e780` (possibly a bitmask or GPIO mask). - `x3`: `ffff800369f2e8` (another pointer, possibly to GPIO descriptors or chip data).

- **Code Snippet (Decoded):** ``` Code: b9403801 f9402800 7100003f 8b35cc00 (b9400416) ``` This is ARM64 assembly. The crash instruction is at offset `0x34` in `set_fan_speed.part.5`. The instruction `b9400416` is a `str` (store register) instruction, which suggests the crash is due to an **invalid memory write** (e.g., null pointer dereference, invalid address, or corrupted structure).

### **3. Likely Causes** 1. **Null Pointer Dereference:** The `gpio_fan_data` structure (pointed to by `x0`) may be invalid or uninitialized. 2. **Invalid GPIO Configuration:** The GPIO pins configured for the fan may not be properly requested or may conflict with other drivers. 3. **Race Condition:** If the fan device is being removed/unloaded while a sysfs write is in progress, the structure may be freed prematurely. 4. **Corrupted Memory:** Less likely, but possible if there’s a broader memory corruption issue.

### **4. Debugging Steps** 1. **Check Kernel Logs:** Look for earlier warnings about `gpio_fan` initialization or GPIO requests: ```bash dmesg | grep -i gpio_fan dmesg | grep -i fan ```

2. **Verify Device Tree:** Ensure the `gpio_fan` node in your device tree is correctly defined: ```dts fan: fan {
compatible = "gpio-fan"; gpios = <&gpio0 10 GPIO_ACTIVE_HIGH>; /* Example */ gpio-fan,speed-map = <0 0 1 1000 2 2000>; /* Example */ }; ```

3. **Reproduce the Crash:** - Try writing to the sysfs file again: ```bash echo 1 > /sys/class/thermal/thermal_zone0/hwmon/hwmon0/pwm1_enable ``` - Check if the crash is consistent.

4. **Check for Driver Updates:** - Ensure you’re using the latest kernel version, as `gpio_fan` bugs may have been fixed.

5. **Enable Debugging:** - Recompile the kernel with `CONFIG_GPIO_FAN_DEBUG` (if available) or add `printk` statements in `set_fan_speed.part.5` to identify which pointer is invalid.

### **5. Workaround** - **Avoid Writing to `cur_state`:** If possible, use `pwm1` or `fan1` sysfs attributes instead of `cur_state`. - **Disable `gpio_fan

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Ответственный

Linux

Резервировать

18.06.2025

Раскрытие

18.06.2025

Модерация

принято

Вход

VDB-312939

EPSS

0.00196

KEV

Нет

Деятельности

Очень низкий

Источники

Do you need the next level of professionalism?

Upgrade your account now!