CVE-2022-49074

low-risk

Published 2025-02-26

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix GICR_CTLR.RWP polling It turns out that our polling of RWP is totally wrong when checking for it in the redistributors, as we test the *distributor* bit index, whereas it is a different bit number in the RDs... Oopsie boo. This is embarassing. Not only because it is wrong, but also because it took *8 years* to notice the blunder... Just fix the damn thing.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Linux Kernel

Affected Vendors

Linux

References (7)

Patch https://git.kernel.org/stable/c/0df6664531a12cdd8fc873f0cac0dcb40243d3e9

Patch https://git.kernel.org/stable/c/3c07cc242baf83f0bddbbd9d7945d0bee56d8b57

Patch https://git.kernel.org/stable/c/60e1eb4811f53f5f60c788297d978515e7a2637a

Patch https://git.kernel.org/stable/c/6fef3e3179e6ed8fecdd004ede541674ffa7749d

Patch https://git.kernel.org/stable/c/7218a789abb3e033f5f3a85636ca50d9ae7b0fc9

Patch https://git.kernel.org/stable/c/c7daf1b4ad809692d5c26f33c02ed8a031066548

Patch https://git.kernel.org/stable/c/ff24114bb08d8b90edf2aff0a4fd0689523e6c17

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low