CVE-2022-48845: 
Linux Debian vulnerability analysis and mitigation

CVE-2022-48845 affects the Linux kernel's MIPS architecture implementation, specifically related to CPU sibling and core maps initialization timing in the SMP (Symmetric Multi-Processing) code. The vulnerability was discovered when CONFIGSCHEDCORE was enabled during the Linux 5.14 cycle, affecting 2-core 2-thread-per-core interAptiv (CPS-driven) systems (Kernel Commit).

The vulnerability stems from incorrect timing of CPU sibling and core maps initialization in the MIPS SMP code. The issue manifests when schedcorecpustarting() calculates core-scheduling parameters during CPU startup, but the sibling mask (smtmask) is empty because setcpusiblingmap() is called after notifycpu_start(). This causes a warning message during system boot for all CPUs except CPU0 (Kernel Commit).

The vulnerability results in incorrect core-scheduling parameters calculation during CPU startup on MIPS systems. While this primarily manifests as warning messages during boot, it could potentially affect the system's scheduling behavior since core-scheduling parameters are only calculated once per CPU start (Kernel Commit).

The issue has been fixed by moving the setcpusiblingmap() and setcpucoremap() calls earlier in the initialization sequence, specifically right after performing delay calibration and before notifycpustarting(). This ensures that all necessary CPU maps are properly initialized before core-scheduling parameters are calculated (Kernel Commit).