{
  "threat_severity" : "Moderate",
  "public_date" : "2025-05-01T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud",
    "id" : "2363427",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2363427"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\narm64/mm: fix incorrect file_map_count for non-leaf pmd/pud\nThe page table check triggers BUG_ON() unexpectedly when collapsing a hugepage:\n------------[ cut here ]------------\nkernel BUG at mm/page_table_check.c:82!\nInternal error: Oops - BUG: 00000000f2000800 [#1] SMP\nDumping ftrace buffer:\n(ftrace buffer empty)\nModules linked in:\nCPU: 6 PID: 68 Comm: khugepaged Not tainted 6.1.0-rc3+ #750\nHardware name: linux,dummy-virt (DT)\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : page_table_check_clear.isra.0+0x258/0x3f0\nlr : page_table_check_clear.isra.0+0x240/0x3f0\n[...]\nCall trace:\npage_table_check_clear.isra.0+0x258/0x3f0\n__page_table_check_pmd_clear+0xbc/0x108\npmdp_collapse_flush+0xb0/0x160\ncollapse_huge_page+0xa08/0x1080\nhpage_collapse_scan_pmd+0xf30/0x1590\nkhugepaged_scan_mm_slot.constprop.0+0x52c/0xac8\nkhugepaged+0x338/0x518\nkthread+0x278/0x2f8\nret_from_fork+0x10/0x20\n[...]\nSince pmd_user_accessible_page() doesn't check if a pmd is leaf, it\ndecreases file_map_count for a non-leaf pmd that comes from collapse_huge_page(),\nand so triggers BUG_ON() unexpectedly.\nFix this problem by using pmd_leaf() instead of pmd_present() in\npmd_user_accessible_page(). Moreover, use pud_leaf() for\npud_user_accessible_page() too." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49778\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49778\nhttps://lore.kernel.org/linux-cve-announce/2025050118-CVE-2022-49778-ea15@gregkh/T" ],
  "name" : "CVE-2022-49778",
  "csaw" : false
}