SB20241022327 - Input validation error in Linux kernel mm
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20241022327
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2022-48991)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the retract_page_tables() function in mm/khugepaged.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/275c626c131cfe141beeb6c575e31fa53d32da19
- https://git.kernel.org/stable/c/c23105673228c349739e958fa33955ed8faddcaf
- https://git.kernel.org/stable/c/ff2a1a6f869650aec99e9d070b5ab625bfbc5bc3
- https://git.kernel.org/stable/c/5ffc2a75534d9d74d49760f983f8eb675fa63d69
- https://git.kernel.org/stable/c/7f445ca2e0e59c7971d0b7b853465e50844ab596
- https://git.kernel.org/stable/c/1a3f8c6cd29d9078cc81b29d39d0e9ae1d6a03c3
- https://git.kernel.org/stable/c/5450535901d89a5dcca5fbbc59a24fe89caeb465
- https://git.kernel.org/stable/c/f268f6cf875f3220afc77bdd0bf1bb136eb54db9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.303
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.337
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1