AZL-68690

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68690.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-68690

Upstream

CVE-2022-49562

Published

2025-02-26T07:01:31Z

Modified

2026-04-01T05:21:28.443042Z

Summary

CVE-2022-49562 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Use __trycmpxchguser() to update guest PTE A/D bits

Use the recently introduced __trycmpxchguser() to update guest PTE A/D bits instead of mapping the PTE into kernel address space. The VMPFNMAP path is broken as it assumes that vmpgoff is the base pfn of the mapped VMA range, which is conceptually wrong as vmpgoff is the offset relative to the file and has nothing to do with the pfn. The horrific hack worked for the original use case (backing guest memory with /dev/mem), but leads to accessing "random" pfns for pretty much any other VMPFNMAP case.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-49562

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68690.json"