{
  "threat_severity" : "Low",
  "public_date" : "2025-06-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem",
    "id" : "2373407",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373407"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nbootmem: remove the vmemmap pages from kmemleak in put_page_bootmem\nThe vmemmap pages is marked by kmemleak when allocated from memblock. \nRemove it from kmemleak when freeing the page.  Otherwise, when we reuse\nthe page, kmemleak may report such an error and then stop working.\nkmemleak: Cannot insert 0xffff98fb6eab3d40 into the object search tree (overlaps existing)\nkmemleak: Kernel memory leak detector disabled\nkmemleak: Object 0xffff98fb6be00000 (size 335544320):\nkmemleak:   comm \"swapper\", pid 0, jiffies 4294892296\nkmemleak:   min_count = 0\nkmemleak:   count = 0\nkmemleak:   flags = 0x1\nkmemleak:   checksum = 0\nkmemleak:   backtrace:" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49994\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49994\nhttps://lore.kernel.org/linux-cve-announce/2025061825-CVE-2022-49994-e212@gregkh/T" ],
  "name" : "CVE-2022-49994",
  "csaw" : false
}