CVE - CVE-2022-49152

CVE-ID
CVE-2022-49152	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range() when multi-order entry present If there is already an entry present that is of order >= XA_CHUNK_SHIFT when we call xas_create_range(), xas_create_range() will misinterpret that entry as a node and dereference xa_node->parent, generally leading to a crash that looks something like this: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 32 Comm: khugepaged Not tainted 5.17.0-rc8-syzkaller-00003-g56e337f2cf13 #0 RIP: 0010:xa_parent_locked include/linux/xarray.h:1207 [inline] RIP: 0010:xas_create_range+0x2d9/0x6e0 lib/xarray.c:725 It's deterministically reproducable once you know what the problem is, but producing it in a live kernel requires khugepaged to hit a race. While the problem has been present since xas_create_range() was introduced, I'm not aware of a way to hit it before the page cache was converted to use multi-index entries.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/18f13edf3424b3b61814b69d5269b2e14584800c URL:https://git.kernel.org/stable/c/18f13edf3424b3b61814b69d5269b2e14584800c MISC:https://git.kernel.org/stable/c/1ac49c8fd49fdf53d3cd8b77eb8ffda08d7fbe22 URL:https://git.kernel.org/stable/c/1ac49c8fd49fdf53d3cd8b77eb8ffda08d7fbe22 MISC:https://git.kernel.org/stable/c/29968329b926d238e3107ec071a250397555d264 URL:https://git.kernel.org/stable/c/29968329b926d238e3107ec071a250397555d264 MISC:https://git.kernel.org/stable/c/3e2852eda19ee1a400cd809d7a9322680f34a262 URL:https://git.kernel.org/stable/c/3e2852eda19ee1a400cd809d7a9322680f34a262 MISC:https://git.kernel.org/stable/c/3e3c658055c002900982513e289398a1aad4a488 URL:https://git.kernel.org/stable/c/3e3c658055c002900982513e289398a1aad4a488 MISC:https://git.kernel.org/stable/c/7521a97b1929042604bef6859f62fa8b4bbc077b URL:https://git.kernel.org/stable/c/7521a97b1929042604bef6859f62fa8b4bbc077b
Assigning CNA
kernel.org
Date Record Created
20250226	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250226)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)