CVE-2022-49989
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49989
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49989.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49989
- Related
- Published
- 2025-06-18T11:15:26Z
- Modified
- 2025-06-18T16:46:58.951052Z
- Downstream
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
xen/privcmd: fix error exit of privcmdioctldm_op()
The error exit of privcmdioctldmop() is calling unlockpages() potentially with pages being NULL, leading to a NULL dereference.
Additionally lockpages() doesn't check for pinuserpagesfast() having been completely successful, resulting in potentially not locking all pages into memory. This could result in sporadic failures when using the related memory in user mode.
Fix all of that by calling unlockpages() always with the real number of pinned pages, which will be zero in case pages being NULL, and by checking the number of pages pinned by pinuserpagesfast() matching the expected number of pages.
- References
-
- https://git.kernel.org/stable/c/45d47bd9b96e7874b98dbcc7602fe2826c5d62a6
- https://git.kernel.org/stable/c/6de50db104af0dc921f593fd95c55db86a52ceef
- https://git.kernel.org/stable/c/c2b7bae7c90051fd6a679d5dee00400d67ebbf4a
- https://git.kernel.org/stable/c/c5deb27895e017a0267de0a20d140ad5fcc55a54
- https://security-tracker.debian.org/tracker/CVE-2022-49989
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.140-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source