In the Linux kernel, the following vulnerability has been resolved:
highmem: fix checks in __kmap_local_sched_{in,out}
When CONFIG_DEBUG_KMAP_LOCAL is enabled __kmap_local_sched_{in,out} check that even slots in the tsk->kmap_ctrl.pteval are unmapped. The slots are initialized with 0 value, but the check is done with pte_none. 0 pte however does not necessarily mean that pte_none will return true. e.g. on xtensa it returns false, resulting in the following runtime warnings:
  WARNING: CPU: 0 PID: 101 at mm/highmem.c:627 __kmap_local_sched_out+0x51/0x108
  CPU: 0 PID: 101 Comm: touch Not tainted 5.17.0-rc7-00010-gd3a1cdde80d2-dirty #13
  Call Trace:
    dump_stack+0xc/0x40
    __warn+0x8f/0x174
    warn_slowpath_fmt+0x48/0xac
    __kmap_local_sched_out+0x51/0x108
    __schedule+0x71a/0x9c4
    preempt_schedule_irq+0xa0/0xe0
    common_exception_return+0x5c/0x93
    do_wp_page+0x30e/0x330
    handle_mm_fault+0xa70/0xc3c
    do_page_fault+0x1d8/0x3c4
    common_exception+0x7f/0x7f

  WARNING: CPU: 0 PID: 101 at mm/highmem.c:664 __kmap_local_sched_in+0x50/0xe0
  CPU: 0 PID: 101 Comm: touch Tainted: G W 5.17.0-rc7-00010-gd3a1cdde80d2-dirty #13
  Call Trace:
    dump_stack+0xc/0x40
    __warn+0x8f/0x174
    warn_slowpath_fmt+0x48/0xac
    __kmap_local_sched_in+0x50/0xe0
    finish_task_switch$isra$0+0x1ce/0x2f8
    __schedule+0x86e/0x9c4
    preempt_schedule_irq+0xa0/0xe0
    common_exception_return+0x5c/0x93
    do_wp_page+0x30e/0x330
    handle_mm_fault+0xa70/0xc3c
    do_page_fault+0x1d8/0x3c4
    common_exception+0x7f/0x7f
Fix it by replacing !pte_none(pteval) with pte_val(pteval) != 0.
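The mismatch described above, as an added example that is not kernel code and not part of this advisory: a user-space model of the guard-slot check run against two ways of encoding an empty PTE. The names `pte_none_zero`, `pte_none_sentinel`, `NONE_SENTINEL`, `KM_SLOTS`, `warnings_old`, `warnings_new` and `make_slots`, and all sample values, are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* User-space model; all types and values are constructed, not the kernel's. */
typedef struct { unsigned long pte; } pte_t;
#define pte_val(x) ((x).pte)
#define KM_SLOTS 8
#define NONE_SENTINEL 0x1cUL

/* Hypothetical arch A: an empty PTE is all-zero bits. */
static int pte_none_zero(pte_t p) { return pte_val(p) == 0; }
/* Hypothetical arch B: empty is a non-zero sentinel, as reported for xtensa. */
static int pte_none_sentinel(pte_t p) { return pte_val(p) == NONE_SENTINEL; }

/* Old debug check: warn when an even (guard) slot is !pte_none(). */
static int warnings_old(const pte_t *s, int idx, int (*pte_none)(pte_t))
{
    int i, warns = 0;
    for (i = 0; i < idx; i += 2)
        warns += !pte_none(s[i]);
    return warns;
}

/* Fixed check: warn when an even (guard) slot has pte_val() != 0. */
static int warnings_new(const pte_t *s, int idx)
{
    int i, warns = 0;
    for (i = 0; i < idx; i += 2)
        warns += pte_val(s[i]) != 0;
    return warns;
}

/* Zero-initialised slots with the odd ones mapped; returns slots in use. */
static int make_slots(pte_t *s)
{
    memset(s, 0, sizeof(pte_t) * KM_SLOTS);
    s[1].pte = 0x80001001UL;
    s[3].pte = 0x80002001UL;
    return 4;
}

int main(void)
{
    pte_t s[KM_SLOTS];
    int n = make_slots(s);
    printf("old/zero %d, old/sentinel %d, fixed %d\n", warnings_old(s, n, pte_none_zero),
           warnings_old(s, n, pte_none_sentinel), warnings_new(s, n));
    return 0;
}
```

With the sentinel encoding the old check reports every zero-filled guard slot, while the fixed check stays silent until a guard slot actually holds a non-zero value.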