FKIE_CVE-2022-49210
Vulnerability from fkie_nvd - Published: 2025-02-26 07:00 - Updated: 2026-06-17 05:17
Severity
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
MIPS: pgalloc: fix memory leak caused by pgd_free()
pgd page is freed by generic implementation pgd_free() since commit
f9cb654cb550 ("asm-generic: pgalloc: provide generic pgd_free()"),
however, there are scenarios that the system uses more than one page as
the pgd table, in such cases the generic implementation pgd_free() won't
be applicable anymore. For example, when PAGE_SIZE_4KB is enabled and
MIPS_VA_BITS_48 is not enabled in a 64bit system, the macro "PGD_ORDER"
will be set as "1", which will cause allocating two pages as the pgd
table. Well, at the same time, the generic implementation pgd_free()
just free one pgd page, which will result in the memory leak.
The memory leak can be easily detected by executing shell command:
"while true; do ls > /dev/null; grep MemFree /proc/meminfo; done"
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/mips/include/asm/pgalloc.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fa3d44424579972cc7c4fac3d9cf227798ebdfa0",
"status": "affected",
"version": "f9cb654cb550b7b87e8608b14fc3eca432429ffe",
"versionType": "git"
},
{
"lessThan": "d29cda15cab086d82d692de016f7249545d4b6b4",
"status": "affected",
"version": "f9cb654cb550b7b87e8608b14fc3eca432429ffe",
"versionType": "git"
},
{
"lessThan": "5a8501d34b261906e4c76ec9da679f2cb4d309ed",
"status": "affected",
"version": "f9cb654cb550b7b87e8608b14fc3eca432429ffe",
"versionType": "git"
},
{
"lessThan": "1bf0d78c8cc3cf615a6e7bf33ada70b73592f0a1",
"status": "affected",
"version": "f9cb654cb550b7b87e8608b14fc3eca432429ffe",
"versionType": "git"
},
{
"lessThan": "2bc5bab9a763d520937e4f3fe8df51c6a1eceb97",
"status": "affected",
"version": "f9cb654cb550b7b87e8608b14fc3eca432429ffe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/mips/include/asm/pgalloc.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.18",
"versionType": "original_commit_for_fix"
}
]
}
],
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F97CB26-001B-4811-8A9D-40FE3DB060DB",
"versionEndExcluding": "5.10.110",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27C42AE8-B387-43E2-938A-E1C8B40BE6D5",
"versionEndExcluding": "5.15.33",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20C43679-0439-405A-B97F-685BEE50613B",
"versionEndExcluding": "5.16.19",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "210C679C-CF84-44A3-8939-E629C87E54BF",
"versionEndExcluding": "5.17.2",
"versionStartIncluding": "5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: pgalloc: fix memory leak caused by pgd_free()\n\npgd page is freed by generic implementation pgd_free() since commit\nf9cb654cb550 (\"asm-generic: pgalloc: provide generic pgd_free()\"),\nhowever, there are scenarios that the system uses more than one page as\nthe pgd table, in such cases the generic implementation pgd_free() won\u0027t\nbe applicable anymore. For example, when PAGE_SIZE_4KB is enabled and\nMIPS_VA_BITS_48 is not enabled in a 64bit system, the macro \"PGD_ORDER\"\nwill be set as \"1\", which will cause allocating two pages as the pgd\ntable. Well, at the same time, the generic implementation pgd_free()\njust free one pgd page, which will result in the memory leak.\n\nThe memory leak can be easily detected by executing shell command:\n\"while true; do ls \u003e /dev/null; grep MemFree /proc/meminfo; done\""
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: MIPS: pgalloc: reparar p\u00e9rdida de memoria causada por pgd_free() La p\u00e1gina pgd es liberada por la implementaci\u00f3n gen\u00e9rica pgd_free() desde el commit f9cb654cb550 (\"asm-generic: pgalloc: proporcionar pgd_free() gen\u00e9rico\"), sin embargo, hay escenarios en los que el sistema usa m\u00e1s de una p\u00e1gina como la tabla pgd, en tales casos la implementaci\u00f3n gen\u00e9rica pgd_free() ya no ser\u00e1 aplicable. Por ejemplo, cuando PAGE_SIZE_4KB est\u00e1 habilitado y MIPS_VA_BITS_48 no est\u00e1 habilitado en un sistema de 64 bits, la macro \"PGD_ORDER\" se establecer\u00e1 como \"1\", lo que provocar\u00e1 la asignaci\u00f3n de dos p\u00e1ginas como la tabla pgd. Bueno, al mismo tiempo, la implementaci\u00f3n gen\u00e9rica pgd_free() solo libera una p\u00e1gina pgd, lo que provocar\u00e1 la p\u00e9rdida de memoria. La p\u00e9rdida de memoria se puede detectar f\u00e1cilmente ejecutando el comando de shell: \"while true; do ls \u0026gt; /dev/null; grep MemFree /proc/meminfo; done\""
}
],
"id": "CVE-2022-49210",
"lastModified": "2026-06-17T05:17:23.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2022-49210",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T19:46:51.248312Z",
"version": "2.0.3"
}
}
]
},
"published": "2025-02-26T07:00:58.107",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/1bf0d78c8cc3cf615a6e7bf33ada70b73592f0a1"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2bc5bab9a763d520937e4f3fe8df51c6a1eceb97"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/5a8501d34b261906e4c76ec9da679f2cb4d309ed"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/d29cda15cab086d82d692de016f7249545d4b6b4"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/fa3d44424579972cc7c4fac3d9cf227798ebdfa0"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…