CVE-2022-48986

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-48986
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48986.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48986
Downstream
Published
2024-10-21T20:06:02.502Z
Modified
2026-03-12T03:24:23.795208Z
Summary
mm/gup: fix gup_pud_range() for dax
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/gup: fix guppudrange() for dax

For dax pud, pudhuge() returns true on x86. So the function works as long as hugetlb is configured. However, dax doesn't depend on hugetlb. Commit 414fd080d125 ("mm/gup: fix guppmd_range() for dax") fixed devmap-backed huge PMDs, but missed devmap-backed huge PUDs. Fix this as well.

This fixes the below kernel panic:

general protection fault, probably for non-canonical address 0x69e7c000cc478: 0000 [#1] SMP < snip > Call Trace: <TASK> getuserpagesfast+0x1f/0x40 iovitergetpages+0xc6/0x3b0 ? mempoolalloc+0x5d/0x170 bioiovitergetpages+0x82/0x4e0 ? bvecalloc+0x91/0xc0 ? bioallocbioset+0x19a/0x2a0 blkdevdirectIO+0x282/0x480 ? __iocompleterw_common+0xc0/0xc0 ? filemaprangehaspage+0x82/0xc0 genericfiledirectwrite+0x9d/0x1a0 ? inodeupdatetime+0x24/0x30 __genericfilewriteiter+0xbd/0x1e0 blkdevwriteiter+0xb4/0x150 ? ioimportiovec+0x8d/0x340 iowrite+0xf9/0x300 ioissuesqe+0x3c3/0x1d30 ? sysvecrescheduleipi+0x6c/0x80 __ioqueuesqe+0x33/0x240 ? fget+0x76/0xa0 iosubmitsqes+0xe6a/0x18d0 ? __fget_light+0xd1/0x100 __x64sysiouringenter+0x199/0x880 ? __contexttrackingenter+0x1f/0x70 ? irqentryexittousermode+0x24/0x30 ? irqentry_exit+0x1d/0x30 ? __contexttrackingexit+0xe/0x70 dosyscall64+0x3b/0x90 entrySYSCALL64afterhwframe+0x61/0xcb RIP: 0033:0x7fc97c11a7be < snip > </TASK> ---[ end trace 48b2e0e67debcaeb ]--- RIP: 0010:internalgetuserpagesfast+0x340/0x990 < snip > Kernel panic - not syncing: Fatal exception Kernel Offset: disabled

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48986.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
414fd080d125408cb15d04ff4907e1dd8145c8c7
Fixed
04edfa3dc06ecfc6133a33bc7271298782dee875
Fixed
f1cf856123ceb766c49967ec79b841030fa1741f
Fixed
3ac29732a2ffa64c7de13a072b0f2848b9c11037
Fixed
e06d13c36ded750c72521b600293befebb4e56c5
Fixed
fcd0ccd836ffad73d98a66f6fea7b16f735ea920
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c133d8eb894cb280f331608c6f1962ba9fbfe6b0
Last affected
538162d21ac877b060dc057c89f13718f5caffc5
Last affected
8b1a7762e0dac5db42a003009fdcb425f10baa07

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48986.json"