CVE-2022-49562
Description
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits Use the recently introduced __try_cmpxchg_user() to update guest PTE A/D bits instead of mapping the PTE into kernel address space. The VM_PFNMAP path is broken as it assumes that vm_pgoff is the base pfn of the mapped VMA range, which is conceptually wrong as vm_pgoff is the offset relative to the file and has nothing to do with the pfn. The horrific hack worked for the original use case (backing guest memory with /dev/mem), but leads to accessing "random" pfns for pretty much any other VM_PFNMAP case.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | affected | | |
| debian | bookworm | fixed | 5.18.2-1 |
| debian | bullseye | affected | |
| debian | forky | fixed | 5.18.2-1 |
| debian | sid | fixed | 5.18.2-1 |
| debian | trixie | fixed | 5.18.2-1 |
References
💬 Discuss CVE-2022-49562 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.