CVE-2022-48986

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-48986

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48986.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-48986

Downstream

UBUNTU-CVE-2022-48986

Published

2024-10-21T20:15:10Z

Modified

2025-07-01T14:22:55.192800Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

mm/gup: fix guppudrange() for dax

For dax pud, pudhuge() returns true on x86. So the function works as long as hugetlb is configured. However, dax doesn't depend on hugetlb. Commit 414fd080d125 ("mm/gup: fix guppmd_range() for dax") fixed devmap-backed huge PMDs, but missed devmap-backed huge PUDs. Fix this as well.

This fixes the below kernel panic:

general protection fault, probably for non-canonical address 0x69e7c000cc478: 0000 [#1] SMP < snip > Call Trace: <TASK> getuserpagesfast+0x1f/0x40 iovitergetpages+0xc6/0x3b0 ? mempoolalloc+0x5d/0x170 bioiovitergetpages+0x82/0x4e0 ? bvecalloc+0x91/0xc0 ? bioallocbioset+0x19a/0x2a0 blkdevdirectIO+0x282/0x480 ? _iocompleterwcommon+0xc0/0xc0 ? filemaprangehaspage+0x82/0xc0 genericfiledirectwrite+0x9d/0x1a0 ? inodeupdatetime+0x24/0x30 _genericfilewriteiter+0xbd/0x1e0 blkdevwriteiter+0xb4/0x150 ? ioimportiovec+0x8d/0x340 iowrite+0xf9/0x300 ioissuesqe+0x3c3/0x1d30 ? sysvecrescheduleipi+0x6c/0x80 _ioqueuesqe+0x33/0x240 ? fget+0x76/0xa0 iosubmitsqes+0xe6a/0x18d0 ? _fgetlight+0xd1/0x100 _x64sysiouringenter+0x199/0x880 ? _contexttrackingenter+0x1f/0x70 ? irqentryexittousermode+0x24/0x30 ? irqentryexit+0x1d/0x30 ? _contexttrackingexit+0xe/0x70 dosyscall64+0x3b/0x90 entrySYSCALL64afterhwframe+0x61/0xcb RIP: 0033:0x7fc97c11a7be < snip > </TASK> ---[ end trace 48b2e0e67debcaeb ]--- RIP: 0010:internalgetuserpagesfast+0x340/0x990 < snip > Kernel panic - not syncing: Fatal exception Kernel Offset: disabled

References

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.162-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

5.10.127-1

5.10.127-2~bpo10+1

5.10.127-2

5.10.136-1

5.10.140-1

5.10.148-1

5.10.149-1

5.10.149-2

5.10.158-1

5.10.158-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}