CVE-2022-48731 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

mm/kmemleak: avoid scanning potential huge holes

When using devm_request_free_mem_region() and devm_memremap_pages() to
add ZONE_DEVICE memory, if requested free mem region's end pfn were
huge(e.g., 0x400000000), the node_end_pfn() will be also huge (see
move_pfn_range_to_zone()). Thus it creates a huge hole between
node_start_pfn() and node_end_pfn().

We found on some AMD APUs, amdkfd requested such a free mem region and
created a huge hole. In such a case, following code snippet was just
doing busy test_bit() looping on the huge hole.

for (pfn = start_pfn; pfn < end_pfn; pfn++) {
struct page *page = pfn_to_online_page(pfn);
if (!page)
continue;
...
}

So we got a soft lockup:

watchdog: BUG: soft lockup - CPU#6 stuck for 26s! [bash:1221]
CPU: 6 PID: 1221 Comm: bash Not tainted 5.15.0-custom #1
RIP: 0010:pfn_to_online_page+0x5/0xd0
Call Trace:
? kmemleak_scan+0x16a/0x440
kmemleak_write+0x306/0x3a0
? common_file_perm+0x72/0x170
full_proxy_write+0x5c/0x90
vfs_write+0xb9/0x260
ksys_write+0x67/0xe0
__x64_sys_write+0x1a/0x20
do_syscall_64+0x3b/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae

I did some tests with the patch.

(1) amdgpu module unloaded

before the patch:

real 0m0.976s
user 0m0.000s
sys 0m0.968s

after the patch:

real 0m0.981s
user 0m0.000s
sys 0m0.973s

(2) amdgpu module loaded

before the patch:

real 0m35.365s
user 0m0.000s
sys 0m35.354s

after the patch:

real 0m1.049s
user 0m0.000s
sys 0m1.042s

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4ef589dc9b10cdcae75a2b2b0e9b2c5e8a92c378`	affected	< d3533ee20e9a0e2e8f60384da7450d43d1c63d1a
`4ef589dc9b10cdcae75a2b2b0e9b2c5e8a92c378`	affected	< 352715593e81b917ce1b321e794549815b850134
`4ef589dc9b10cdcae75a2b2b0e9b2c5e8a92c378`	affected	< a5389c80992f0001ee505838fe6a8b20897ce96e
`4ef589dc9b10cdcae75a2b2b0e9b2c5e8a92c378`	affected	< cebb0aceb21ad91429617a40e3a17444fabf1529
`4ef589dc9b10cdcae75a2b2b0e9b2c5e8a92c378`	affected	< c10a0f877fe007021d70f9cada240f42adc2b5db

Linux

affected

Version	Status	Constraints
`4.14`	affected	—
`0`	unaffected	< 4.14
`5.4.178`	unaffected	≤ 5.4.*
`5.10.99`	unaffected	≤ 5.10.*
`5.15.22`	unaffected	≤ 5.15.*
`5.16.8`	unaffected	≤ 5.16.*
`5.17`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.17:rc2::::::

No data.

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/352715593e81b917ce1b321e794549815b850134
https://git.kernel.org/stable/c/a5389c80992f0001ee505838fe6a8b20897ce96e
https://git.kernel.org/stable/c/c10a0f877fe007021d70f9cada240f42adc2b5db
https://git.kernel.org/stable/c/cebb0aceb21ad91429617a40e3a17444fabf1529
https://git.kernel.org/stable/c/d3533ee20e9a0e2e8f60384da7450d43d1c63d1a
https://lore.kernel.org/linux-cve-announce/2024062059-CVE-2022-48731-d547@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-48731
https://www.cve.org/CVERecord?id=CVE-2022-48731

History

Tue, 01 Apr 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-667
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.17:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.17:rc2::::::
Vendors & Products		Linux Linux linux Kernel

Tue, 29 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-20T11:13:19.407Z

Updated: 2025-12-23T13:20:06.320Z

Reserved: 2024-06-20T11:09:39.053Z

Link: CVE-2022-48731

Vulnrichment

Updated: 2024-08-03T15:25:01.574Z

NVD

Status : Analyzed

Published: 2024-06-20T12:15:11.517

Modified: 2025-04-01T18:27:59.233

Link: CVE-2022-48731

Redhat

Severity : Low

Publid Date: 2024-06-20T00:00:00Z

Links: CVE-2022-48731 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object