CVE-2022-49426
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49426
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49426.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49426
- Downstream
- Related
- Published
- 2025-02-26T02:12:47Z
- Modified
- 2025-10-21T10:06:33.560340Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- iommu/arm-smmu-v3-sva: Fix mm use-after-free
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu-v3-sva: Fix mm use-after-free
We currently call arm64mmcontext_put() without holding a reference to the mm, which can result in use-after-free. Call mmgrab()/mmdrop() to ensure the mm only gets freed after we unpinned the ASID.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/9aa215450888cf29af0c479e14a712dc6b0c506c
- https://git.kernel.org/stable/c/cbd23144f7662b00bcde32a938c4a4057e476d68
- https://git.kernel.org/stable/c/e3cbbdbff8a4db5d053c53fd71be62ccccdb52b0
- https://git.kernel.org/stable/c/fc90f13ea0dcd960e5002d204fa55cec4e0db2fa
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced32784a9562fb0518b12e9797ee2aec52214adf6fFixedfc90f13ea0dcd960e5002d204fa55cec4e0db2fa
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced32784a9562fb0518b12e9797ee2aec52214adf6fFixede3cbbdbff8a4db5d053c53fd71be62ccccdb52b0
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced32784a9562fb0518b12e9797ee2aec52214adf6fFixed9aa215450888cf29af0c479e14a712dc6b0c506c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced32784a9562fb0518b12e9797ee2aec52214adf6fFixedcbd23144f7662b00bcde32a938c4a4057e476d68
Affected versions
v5.*
v5.10
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9aa215450888cf29af0c479e14a712dc6b0c506c",
"target": {
"function": "arm_smmu_alloc_shared_cd",
"file": "drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
},
"digest": {
"function_hash": "117647168439576844901761699548261060643",
"length": 1708.0
},
"deprecated": false,
"id": "CVE-2022-49426-0436eaf0",
"signature_type": "Function",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9aa215450888cf29af0c479e14a712dc6b0c506c",
"target": {
"file": "drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
},
"digest": {
"line_hashes": [
"199573941502738814452273173395105972395",
"23068384874534669659628255196597326708",
"202949095744626106972546117117116375785",
"158151029981066433713762111506164205472",
"112837849013932809601270773104694385435",
"90982313822912604033315813153414078760",
"13246362121769456088733132721556661224",
"113230354026799769919584743244097264742",
"60306163660711205910268308053210484209",
"88973013800609819949721058658400708985",
"274428946425137881025843349700974104862",
"246130972882053069699042413327490686288",
"91247126806594947508766274098564275590",
"251596126171393086971417483863373865975",
"216809506739376898110161298169755642165",
"81094426699474786090058490095878523322",
"177201651471177715126504882238810783671"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2022-49426-094738cd",
"signature_type": "Line",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9aa215450888cf29af0c479e14a712dc6b0c506c",
"target": {
"function": "arm_smmu_free_shared_cd",
"file": "drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
},
"digest": {
"function_hash": "294772309241658971167591615552430852744",
"length": 121.0
},
"deprecated": false,
"id": "CVE-2022-49426-17358f40",
"signature_type": "Function",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cbd23144f7662b00bcde32a938c4a4057e476d68",
"target": {
"function": "arm_smmu_alloc_shared_cd",
"file": "drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
},
"digest": {
"function_hash": "117647168439576844901761699548261060643",
"length": 1708.0
},
"deprecated": false,
"id": "CVE-2022-49426-52f80c18",
"signature_type": "Function",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cbd23144f7662b00bcde32a938c4a4057e476d68",
"target": {
"function": "arm_smmu_free_shared_cd",
"file": "drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
},
"digest": {
"function_hash": "294772309241658971167591615552430852744",
"length": 121.0
},
"deprecated": false,
"id": "CVE-2022-49426-5745ec1e",
"signature_type": "Function",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e3cbbdbff8a4db5d053c53fd71be62ccccdb52b0",
"target": {
"file": "drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
},
"digest": {
"line_hashes": [
"199573941502738814452273173395105972395",
"23068384874534669659628255196597326708",
"202949095744626106972546117117116375785",
"158151029981066433713762111506164205472",
"112837849013932809601270773104694385435",
"90982313822912604033315813153414078760",
"13246362121769456088733132721556661224",
"113230354026799769919584743244097264742",
"60306163660711205910268308053210484209",
"88973013800609819949721058658400708985",
"274428946425137881025843349700974104862",
"246130972882053069699042413327490686288",
"91247126806594947508766274098564275590",
"251596126171393086971417483863373865975",
"216809506739376898110161298169755642165",
"81094426699474786090058490095878523322",
"177201651471177715126504882238810783671"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2022-49426-85a744aa",
"signature_type": "Line",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fc90f13ea0dcd960e5002d204fa55cec4e0db2fa",
"target": {
"function": "arm_smmu_free_shared_cd",
"file": "drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
},
"digest": {
"function_hash": "294772309241658971167591615552430852744",
"length": 121.0
},
"deprecated": false,
"id": "CVE-2022-49426-ae3d82c9",
"signature_type": "Function",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cbd23144f7662b00bcde32a938c4a4057e476d68",
"target": {
"file": "drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
},
"digest": {
"line_hashes": [
"199573941502738814452273173395105972395",
"23068384874534669659628255196597326708",
"202949095744626106972546117117116375785",
"158151029981066433713762111506164205472",
"112837849013932809601270773104694385435",
"90982313822912604033315813153414078760",
"13246362121769456088733132721556661224",
"113230354026799769919584743244097264742",
"60306163660711205910268308053210484209",
"88973013800609819949721058658400708985",
"274428946425137881025843349700974104862",
"246130972882053069699042413327490686288",
"91247126806594947508766274098564275590",
"251596126171393086971417483863373865975",
"216809506739376898110161298169755642165",
"81094426699474786090058490095878523322",
"177201651471177715126504882238810783671"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2022-49426-bd2d688c",
"signature_type": "Line",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fc90f13ea0dcd960e5002d204fa55cec4e0db2fa",
"target": {
"file": "drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
},
"digest": {
"line_hashes": [
"199573941502738814452273173395105972395",
"23068384874534669659628255196597326708",
"202949095744626106972546117117116375785",
"158151029981066433713762111506164205472",
"112837849013932809601270773104694385435",
"90982313822912604033315813153414078760",
"13246362121769456088733132721556661224",
"113230354026799769919584743244097264742",
"60306163660711205910268308053210484209",
"88973013800609819949721058658400708985",
"274428946425137881025843349700974104862",
"246130972882053069699042413327490686288",
"91247126806594947508766274098564275590",
"251596126171393086971417483863373865975",
"216809506739376898110161298169755642165",
"81094426699474786090058490095878523322",
"177201651471177715126504882238810783671"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2022-49426-c17f1d1f",
"signature_type": "Line",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e3cbbdbff8a4db5d053c53fd71be62ccccdb52b0",
"target": {
"function": "arm_smmu_alloc_shared_cd",
"file": "drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
},
"digest": {
"function_hash": "117647168439576844901761699548261060643",
"length": 1708.0
},
"deprecated": false,
"id": "CVE-2022-49426-c19ab581",
"signature_type": "Function",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e3cbbdbff8a4db5d053c53fd71be62ccccdb52b0",
"target": {
"function": "arm_smmu_free_shared_cd",
"file": "drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
},
"digest": {
"function_hash": "294772309241658971167591615552430852744",
"length": 121.0
},
"deprecated": false,
"id": "CVE-2022-49426-c468cd74",
"signature_type": "Function",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fc90f13ea0dcd960e5002d204fa55cec4e0db2fa",
"target": {
"function": "arm_smmu_alloc_shared_cd",
"file": "drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c"
},
"digest": {
"function_hash": "117647168439576844901761699548261060643",
"length": 1708.0
},
"deprecated": false,
"id": "CVE-2022-49426-fc321b19",
"signature_type": "Function",
"signature_version": "v1"
}
]