CVE-2022-49210 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: MIPS: pgalloc: fix memory leak caused by pgd_free() pgd page is freed by generic implementation pgd_free() since commit f9cb654cb550 ("asm-generic: pgalloc: provide generic pgd_free()"), however, there are scenarios that the system uses more than one page as the pgd table, in such cases the generic implementation pgd_free() won't be applicable anymore. For example, when PAGE_SIZE_4KB is enabled and MIPS_VA_BITS_48 is not enabled in a 64bit system, the macro "PGD_ORDER" will be set as "1", which will cause allocating two pages as the pgd table. Well, at the same time, the generic implementation pgd_free() just free one pgd page, which will result in the memory leak. The memory leak can be easily detected by executing shell command: "while true; do ls > /dev/null; grep MemFree /proc/meminfo; done"

Reserved 2025-02-26 | Published 2025-02-26 | Updated 2025-02-26 | Assigner Linux

Product status

Default status

unaffected

f9cb654cb550b7b87e8608b14fc3eca432429ffe before fa3d44424579972cc7c4fac3d9cf227798ebdfa0

affected

f9cb654cb550b7b87e8608b14fc3eca432429ffe before d29cda15cab086d82d692de016f7249545d4b6b4

affected

f9cb654cb550b7b87e8608b14fc3eca432429ffe before 5a8501d34b261906e4c76ec9da679f2cb4d309ed

affected

f9cb654cb550b7b87e8608b14fc3eca432429ffe before 1bf0d78c8cc3cf615a6e7bf33ada70b73592f0a1

affected

f9cb654cb550b7b87e8608b14fc3eca432429ffe before 2bc5bab9a763d520937e4f3fe8df51c6a1eceb97

affected

Default status

affected

5.9

affected

Any version before 5.9

unaffected

5.10.110

unaffected

5.15.33

unaffected

5.16.19

unaffected

5.17.2

unaffected

5.18

unaffected

References

git.kernel.org/...c/fa3d44424579972cc7c4fac3d9cf227798ebdfa0

git.kernel.org/...c/d29cda15cab086d82d692de016f7249545d4b6b4

git.kernel.org/...c/5a8501d34b261906e4c76ec9da679f2cb4d309ed

git.kernel.org/...c/1bf0d78c8cc3cf615a6e7bf33ada70b73592f0a1

git.kernel.org/...c/2bc5bab9a763d520937e4f3fe8df51c6a1eceb97

cve.org (CVE-2022-49210)

nvd.nist.gov (CVE-2022-49210)

Download JSON