CVE-2022-49666: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2022-49666) was discovered affecting the PowerPC architecture's memory hotplug functionality. The issue arose after the implementation of commit ffa0b64e3be5 which introduced address validation against high_memory value for 64-bit Book3E & 32-bit systems. This validation caused kernel BUG conditions when dealing with DAX page frame numbers (Kernel Git).

The vulnerability manifests as a kernel BUG in mm/page_alloc.c:5521 when the system attempts to validate addresses against high_memory value. The issue specifically occurs during memory hotplug operations on PowerPC systems, where the high_memory value is not properly updated after adding new memory pages. This leads to incorrect address validation and subsequent system crashes (Kernel Git).

When exploited, this vulnerability causes a kernel panic through a BUG_ON condition, resulting in system crashes. This primarily affects systems using DAX (Direct Access) page frame numbers on PowerPC architectures with memory hotplug capabilities (Kernel Git).

The issue was fixed by implementing an add_pages override for PowerPC, similar to the x86 implementation. The fix ensures proper updating of high_memory value during memory hotplug operations by introducing update_end_of_memory_vars function to maintain correct memory boundary values (Kernel Git).