#VU99215 Input validation error in Linux kernel - CVE-2022-48991
Published: October 22, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU99215
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-48991
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the retract_page_tables() function in mm/khugepaged.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/275c626c131cfe141beeb6c575e31fa53d32da19
- https://git.kernel.org/stable/c/c23105673228c349739e958fa33955ed8faddcaf
- https://git.kernel.org/stable/c/ff2a1a6f869650aec99e9d070b5ab625bfbc5bc3
- https://git.kernel.org/stable/c/5ffc2a75534d9d74d49760f983f8eb675fa63d69
- https://git.kernel.org/stable/c/7f445ca2e0e59c7971d0b7b853465e50844ab596
- https://git.kernel.org/stable/c/1a3f8c6cd29d9078cc81b29d39d0e9ae1d6a03c3
- https://git.kernel.org/stable/c/5450535901d89a5dcca5fbbc59a24fe89caeb465
- https://git.kernel.org/stable/c/f268f6cf875f3220afc77bdd0bf1bb136eb54db9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.303
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.337
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.159
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1