CVE-2022-49554

MEDIUM EPSS 7.9%
Published Feb 26, 2025 (1y ago) · Modified Jun 17, 2026 (1w ago)
4.7 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

zsmalloc: fix races between asynchronous zspage free and page migration

The asynchronous zspage free worker tries to lock a zspage's entire page list without defending against page migration. Since pages which haven't yet been locked can concurrently migrate off the zspage page list while lock_zspage() churns away, lock_zspage() can suffer from a few different lethal races.

It can lock a page which no longer belongs to the zspage and unsafely dereference page_private(), it can unsafely dereference a torn pointer to the next page (since there's a data race), and it can observe a spurious NULL pointer to the next page and thus not lock all of the zspage's pages (since a single page migration will reconstruct the entire page list, and create_page_chain() unconditionally zeroes out each list pointer in the process).

Fix the races by using migrate_read_lock() in lock_zspage() to synchronize with page migration.

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
7.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 7

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.14 – <4.14.282
linux   linux_kernel  *        ≥4.15 – <4.19.246
linux   linux_kernel  *        ≥4.20 – <5.4.197
linux   linux_kernel  *        ≥5.5 – <5.10.120
linux   linux_kernel  *        ≥5.11 – <5.15.45
linux   linux_kernel  *        ≥5.16 – <5.17.13
linux   linux_kernel  *        ≥5.18 – <5.18.2

References 8

  • git.kernel.org https://git.kernel.org/stable/c/2505a981114dcb715f8977b8433f7540854851d8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3674d8a8dadd03a447dd21069d4dacfc3399b63b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3ec459c8810e658401be428d3168eacfc380bdd0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/645996efc2ae391246d595832aaa6f9d3cc338c7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ba7b7c1dad1f6503c541778f31b33f7f62eb966
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c5402fb5f71f1a725f1e55d9c6799c0c7bec308f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fae05b2314b147a78fbed1dc4c645d9a66313758
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fc658c083904427abbf8f18280d517ee2668677c
    Patch